Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 

Tuesday, August 5
 

09:00

Hacking the Hustle Hands-On, Infosec Resume and Career Strategies
In this workshop, infosec recruiter Eve Adams (@HackerHuntress) will provide hands-on instruction in improving your resume, identifying the infosec job you want, and other career strategies for security professionals. You’ll get an individualized look at your resume from a recruiter who knows the security market like no other, tips on finding the right opportunities and sussing out company culture, and plenty of time for lively, interactive Q&A. Bring your resume and, if possible, a laptop to this hands-on workshop!

Speakers

Eve Adams

Senior Talent Acquisition Expert, Halock Security Labs
Eve Adams (@HackerHuntress) is Senior Talent Acquisition Expert at Halock Security Labs, a full-service information security advisory in Schaumburg, IL. Eve leverages three years of security staffing experience to drive recruitment for both internal Halock roles and client placement. She also spearheads Halock's social media presence and counts Twitter as one of her most powerful recruiting tools. She's passionate about information security...


Tuesday August 5, 2014 09:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

09:00

Wireless Essentials
This class will cover the essentials of using Pentoo, current and emerging 802.11 wireless threats, and the wonderful world of Software Defined Radios. A completed bootstrapped curriculum that will provide new tips and tricks for the advanced, and a completely new experience to those who are just now learning about any of these topics. The class is broken into four parts so that students can come and go as they please.

Speakers

DaKahuna

Radio Frequency is my game and Wireless is my hobby. Part of the five-man team teaching the two-day Wireless course at BSidesLV and lead coordinator for the Defcon Wireless Village. By day I can be found supporting a large government agency reviewing and criticizing network and security architectures, advising on matters related to information assurance and information security policies, standards and formal guidances. By night I enjoy snooping...

Russell Handorf

Built, owned and operated a wireless ISP for 6 years; Infosec professionally for 10 years (unprofessionally for 15); information security researcher (wireless, attacker attribution techniques, honeypots); and other things.

Rick Mellendick

CSO, Signals Defense
Rick Mellendick is the Chief Security Officer for Signals Defense in Owings Mills MD, and has been a security architect for multiple US Government agencies and corporations. Mr. Mellendick specializes in designing and testing wireless networks with non-traditional strategies using offensive techniques. He has over 17 years of IT and security experience, is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag...


Tuesday August 5, 2014 09:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

Opening Keynote -- Beyond Good and Evil: Towards Effective Security
The contrast between the enthusiasm which brings together the BSides community and the burnout which impacts our professional lives is so blindingly obvious it's easy to miss. This talk will focus in on the key reason that so many burn out: the difficulty of being effective, and discuss ways we as a community can transform.

Speakers

Adam Shostack

Adam is a technologist, entrepreneur, author and game designer. He's a member of the BlackHat Review Board and a principal program manager at Microsoft. He helped found the CVE and many other things. He is the author of “Threat Modeling: Designing for Security,” lead designer of "Elevation of Privilege," the co-author of “The New School of Information Security" and co-designer of "Control-Alt-Hack."


Tuesday August 5, 2014 10:00 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

SHA-1 backdooring and exploitation
We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions, such that we fully control the content of the colliding files: unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they use sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.

Speakers

JP Aumasson

Principal Cryptographer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, Troopers. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, and co-wrote the 2015 book "The Hash Function BLAKE". JP tweets as @veorq.


Tuesday August 5, 2014 11:00 - 11:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

#edsec: Hacking for Education
Every day, endless consumer and educational technologies provide learning opportunities in classrooms across the planet. We already live in a world where every moment of a child’s life can be recorded with metadata attached-- but what if sensitive education data became part of metadata profiles, too? While there has been a recent massive influx of investment and resources into education technology, few schools have the appropriate resources to build secure infrastructure for sensitive student data, and few education technology companies take the challenge of securing student information seriously. This talk will examine the current state of (in)security in schools and in the education technology industry that leaves sensitive student data and private information exposed for anyone with a basic understanding of hacking to exploit. In addition to exposing the gaping security holes and lack of minimum encryption standards in educational technology, it will focus on ways that hackers, technologists and parents can advocate for more security protections that will keep the private data of children safe and sound.

Speakers

Jessy Irwin

Security + Privacy Communications
Jessy is a marketing communications professional working in security in San Francisco. She is an outspoken advocate for stronger privacy and security protections in education technology, and spends as much time as possible teaching educators about online privacy + security. She regularly rants about student data privacy, security, and surveillance on Twitter, and her current passions include dinosaurs, big necklaces + tacos.


Tuesday August 5, 2014 11:00 - 11:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

The Power Law of Information
Power laws occur widely and irrefutably in economics, physics, biology, and international relations. The root causes of power laws are hard to determine, but a good theory is that proportional random growth causes the phenomenon. This talk will attempt to prove a power law for breach size and breach occurrence volume, using data from over 30,000 businesses. The goal is to show that no matter the set of breaches one picks, the most impactful breach will have more impact than all the others combined. Information security breaches are scale-invariant and distributed according to a power law.

Speakers

Michael Roytman

Senior Data Scientist, Kenna Security
Michael Roytman is Risk I/O’s Data Scientist, responsible for building out Risk I/O’s predictive analytics functionality. He has written about vulnerability management with Dan Geer of In-Q-Tel, and has previously spoken at RSA, SOURCE, various BSides and SIRAcon. He formerly worked in fraud detection in the finance industry, and holds an MS in operations research from Georgia Tech. In his spare time, he tinkers with everything from bikes...


Tuesday August 5, 2014 11:00 - 11:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

USB write blocking with USBProxy
USB mass storage devices are some of the most common peripherals in use today. They number in the billions and have become the de-facto standard for offline data transfer. USB drives have also been implicated in malware propagation (BadBIOS) and targeted attacks (Stuxnet).

A USB write blocker may help to prevent some of these issues and allow researchers to examine the content of the attempted writes. USBProxy allows us to build an external write blocker using cheap and widely available hardware that will be undetectable by the host system.

Speakers

Dominic Spill

Dominic Spill has been building packet sniffers and researching wireless security since 2007. He has been a security researcher and the lead developer for Ubertooth for the past two years while also working on Daisho, FCC.io and USBProxy.


Tuesday August 5, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

Skull And Bones (And Warez) - Secret Societies of the Computer Underground (and why you should create one too)
Long ago, during the “Great Age of l33t”, the digital oceans were traversed by notorious bands of pseudonymous ne’er-do-wells. These outlaw fleets, festooned with brightly-colored flags, laden with teenage pomposity and self-importance, roved their way into undiscovered territories. They took whatever they needed, but created many lasting works too.
We will take you on a journey back in time, to experience what life was like during this pioneer era, with tall tales of life on the fringe, epic yarns of solidarity amongst outcasts, and discuss how forming your own “Digital Outlaw Biker Club” may be a better idea than it ever was.

Speakers

Databeast

Dictator for Life, Mercenary Logic
Databeast discovered the underground by way of the computer demoscene in the late 80's. He founded the award-winning demoscene group "Nerve Axis" and was a member of many more lesser-known underground groups (the names of which have thankfully been lost to history). By day he works on game-changing DFIR projects; by night he's one of those drunken people in the 303 Tshirts you see wandering the halls of DEF CON. He misses the days when the...

Space Rogue

Strategist, Tenable
Space Rogue and his colleagues created the first security research think tank known as L0pht Heavy Industries and was a co-founder of the Internet security consultancy @Stake. While at L0pht Heavy Industries Space Rogue created the widely popular Hacker News Network, which quickly became a major resource on the Internet for daily information security news. Before HNN he ran The Whacked Mac Archives, which at the time, was the largest and...


Tuesday August 5, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:35

So, you want to be a pentester?
So, you've gone to a bunch of conferences, and you've seen the movie Swordfish, and now you think you want to be a super l337 h4x0r, right? This will be a fast-paced, comedy-driven reality check for aspiring pro hackers and others hoping to jump in to infosec as a career.

Speakers

Heather Pilkington

Heather has been in information security for more than ten years. From help desk and change management to incident response and threat and vulnerability management, this is her first full year as a paid penetration tester. But, based on research, conversations with other pros, and her experience during the first year, she's out for a gut check about what it means to be a pentester.


Tuesday August 5, 2014 11:35 - 12:05
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:45

Evading code emulation: Writing ridiculously obvious malware that bypasses AV
Code emulation is a technology capable of detecting malware for which no signature exists. It’s a powerful step in the right direction for client security, but it’s a long way from mature. This talk will demonstrate how the code emulation engine in Anti-Virus Guard (AVG) can be reverse engineered by progressively testing its features, and ultimately evading detection. The result is a Command-and-Control (C&C) bot, in a non-obfuscated Windows shell script, that AVG and many other leading AV engines will not detect. I will propose solutions on how these code emulation environments can be improved, making the detection of zero day malware far more successful going forward. This is not a jab against AVG, as they get enormous credit for including such a powerful tool in a free antivirus client.

Speakers

Kyle Adams

Chief Software Architect for Junos WebApp Secure, Juniper Networks
Kyle Adams has been involved with security since a very early age. Self-taught, he learned the basics of hacking and security defense strategies long before entering the professional world. Early on, much of his professional focus was on web security threats like SQLi, XSS, CSRF, etc…but more recently he started researching and working on products to defend against malware based threats. Kyle helped build and design the first commercial...


Tuesday August 5, 2014 11:45 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:50

Measuring the IQ of your Threat Intelligence feeds
Threat Intelligence feeds are now being touted as the saving grace for SIEM and log management deployments, and as a way to supercharge incident detection and even response practices. We have heard similar promises before as an industry, so it is only fair to try to investigate. Since the actual number of breaches and attacks worldwide is unknown, it is impossible to measure how good threat intelligence feeds really are, right? Enter a new scientific breakthrough developed over the last 300 years: statistics!

Speakers

Kyle Maxwell

Kyle Maxwell is a private-sector threat intelligence analyst and malware researcher working with incident response and security operations. He is a GPL zealot, believes in UNIX uber alles, and supports his local CryptoParty. Kyle holds a degree in Mathematics from the University of Texas at Dallas.

Alex Pinto

Chief Data Scientist, MLSec Project
Alex Pinto is the Chief Data Scientist of MLSec Project. He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for way too long. Alex currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is...


Tuesday August 5, 2014 11:50 - 12:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Secure your email – Secure your password

Tuesday August 5, 2014 12:00 - 12:20
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Allow myself to encrypt...myself!
At BSides LV 2013, I shared a dream…of a day when all-the-things would be endowed with…with huge…encryption! YES! BIG ENCRYPTION! Where NSA is spelled with F & U! Of a future where I can share my data without sacrificing ownership, confidentiality, or anything else. Where my memes and social awkwardness will be appreciated! Um…seriously though, we played “fantasy defense-in-depth”, sacrificed an “admin dude” dressed like the black knight, and generally shocked the world that the internet isn’t a safe place.

Wait…ok…now seriously, we explored why the “escalation of weaponry” means defense is futile; why the networks of the future, pervasive ubiquity, and other unknowns won’t fit into a secure perimeter; that we need to protect data over devices; that if we can’t control how our data is transmitted, processed, or stored we need to figure out how to protect it!

Can we create data resilient to attack even when the host it resides on is compromised? How do we not lose availability or the ability to share & collaborate with others? We were on the trail last year, but now we think we have a solution & can’t wait to show you! Fast forward 1 year & we have possibly the first open source destined & patent protected comprehensive framework for data protection. It’s a big idea with big challenges destined for failure without your input and expertise so come join the conga line to crazy town!

Tuesday August 5, 2014 12:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Custodiet watches your packets! The Open Source MSSP Framework
Our friends lose their jobs. McJobs don't cut it, and unemployment sucks. We decided to make a framework that would allow them to start their own businesses, and to keep their technical skills sharp.

We made an open source MSSP framework. Download it, install it, you're in business. Firewalls, IDS, threat feeds, the work. Hell, we even threw in a ticketing system and marketing fliers.

And we want your help. Make it better. Use it. Tweet about it. MAKE MONEY WITH IT!!!

Speakers

Joshua Marpet

Joshua Marpet has been a cop, a horse dentist, a fireman, and an amazingly loud guy at Derbycon. He listens to life stories, is incredibly funny, (at least in his own head), and speaks on some interesting topics. Josh is the managing principal of Guarded Risk.

Billy Boatright is infinitely smarter than Josh. #JustSayin He's been a flair bartender, a pen tester, and a damn smart guy (Remember? #JustChecking) Billy kicks ass and takes names...


Tuesday August 5, 2014 12:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:10

Securing Sensitive Data: A Strange Game
Information security compliance regulations like PCI, HIPAA, SB1386 have been around for many years now, but we continue to suffer large data breaches. In this talk, an experienced PCI QSA will discuss why even the best efforts at compliance fail to prevent breaches, provide examples from the field of what goes wrong despite these best efforts, and how to win by not playing - by getting the sensitive data the thieves want out of your environment.

Speakers

Jeff Elliot

Jeff Elliot is an Associate Director at Protiviti, where he is responsible for delivering Information Security services to many of Protiviti's largest clients. With seven years as a PCI QSA, and as the "Primary Contact" for Protiviti with the PCI Council, Jeff leads or consults on many of Protiviti's largest PCI assessment and remediation projects. Jeff and his teams typically find real security gaps that other assessors and client personnel have...


Tuesday August 5, 2014 12:10 - 12:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:30

Is Pavlovian Password Management The Answer?

Tuesday August 5, 2014 12:30 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:30

Highlights of CMU’s Recent Work in Preventing Bad Passwords

Tuesday August 5, 2014 12:30 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

DoCatsLikeLemon? – Advanced phrase attacks and analysis

Tuesday August 5, 2014 14:00 - 14:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Password Hashing Competition: the Candidates
Speakers

JP Aumasson

Principal Cryptographer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, Troopers. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, and co-wrote the 2015 book "The Hash Function BLAKE". JP tweets as @veorq.


Tuesday August 5, 2014 14:00 - 14:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Brick in the Wall vs Hole in the Wall
If (school < hackerspaces) && (textbooks < wikipedia) Then While (self-motivated = true){ experiment; }

If knowledge is power, then schools make us dumb and docile. Hackers know that we learn by doing -- by asking the inappropriate questions, breaking the rules, and being too stubborn to fail. Ironically, educational theorists in ivory towers also know this -- and they are all terrified of the future. Learn how we keep them scared.

Speakers

Caroline D Hardin

Caroline D. Hardin worked as a programmer before serving 3 years in the Peace Corps where she taught IT in high schools and teacher training colleges. She returned to the US to work as Program Chair of IT and adjunct professor at career colleges. Realizing that our educational model needed hacking, she’s now a Master’s student at the University of Wisconsin-Madison in the School of Education, Curriculum & Instruction department, Digital Media...


Tuesday August 5, 2014 14:00 - 14:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

What reaction to packet loss reveals about a VPN
Suppose there is a stream of packets coming through your gateway, their contents apparently encrypted. They may be from a standard VPN such as OpenVPN or an IPSec implementation running over some non-standard ports or protocol, but you missed the initial negotiation that could tell you what sort of a VPN that might be. Can you still find out what software stack and what cipher are being used?

We found out that, if you introduce a periodic disturbance to an encrypted VPN connection, you can fingerprint the VPN and, in particular, the cipher using nothing but packet timings of typical file transfers. We found out also that many things we take for granted aren't necessarily true - e.g., that double encryption may not be better for resisting fingerprinting, and that the most common encryption algorithms differ more in performance than one would think they do.

We believe that the fingerprinting signatures are due to the interactions between the cryptographic and the network layers of the VPN, the cross-layer effects that have been largely overlooked to date. Our findings suggest that these interactions between the layers of a VPN implementation should be studied and taken into account to protect implementations against information leaks.

Speakers

Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D. in Mathematics from Northeastern University and worked at BBN Technologies on natural language processing research before coming to Dartmouth.

Anna Shubina

Anna Shubina chose “Privacy” as the topic of her doctoral thesis and was the operator of Dartmouth’s Tor exit node when the Tor network had about 30 nodes total.

Sergey Bratus is a research associate professor at a college in Northern Appalachia, looking for bright and wonderful machines in weird places.


Tuesday August 5, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Security Management Without the Suck
This talk will discuss real world techniques for implementing and optimizing a security program that we call RADIO (Recon, Analyze, Develop, Implement, Optimize). Conventional wisdom has historically presented guidance that works well in textbook scenarios or for very large companies but often does not integrate well with small to medium size companies. Our Five Step approach aims to provide more reasonable guidance for small to medium size companies or those organizations with operational models that might not lend themselves well to traditional methods.

Speakers

Tim Krabec

Information Security Analyst, [Redacted]
Just Father with an Infosec problem.

Tony Turner

Tony Turner Bio: Tony has over 10 years of working experience in the information security field, specializing in Web Application Firewalls and Web Application Architecture. Tony has a wide range of experiences including Penetration Testing, Incident Response, Security Architecture, Security Program Development, and PCI Compliance. Before joining GuidePoint Security as a Managing Security Consultant, Tony was the Senior Project Lead for Darden...


Tuesday August 5, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Master Serial Killer
Project Robus is a search for vulnerabilities in ICS/SCADA protocol stack implementations. Most research and commercial tools to date have focused on the PLC/RTU/controller (server). Project Robus tests both the RTU server and the master (client) sides of DNP3 and Modbus protocol stack implementations. Attacking the DNP3 master in the control center can eliminate the ability to monitor and control an entire SCADA system, such as an entire electric transmission or distribution system … all from accessing a serial or IP connection in one unmanned substation.

Speakers

Chris Sistrunk

Sr. Consultant, Mandiant
Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for Transmission & Distribution SCADA systems. He has 10 years of experience in SCADA systems with tasks such as standards development, system design, database configuration...


Tuesday August 5, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Strategies Without Frontiers
Predicting your adversary's behaviour is the holy grail of threat modeling. This talk will explore the problem of adversarial reasoning under uncertainty through the lens of game theory, the study of strategic decision-making among cooperating or conflicting agents. Starting with a thorough grounding in classical two-player games such as the Prisoner's Dilemma and the Stag Hunt, we will also consider the curious patterns that emerge in iterated, round-robin, and societal iterated games.

But as a tool for the real world, game theory seems to put the cart before the horse: how can you choose the proper strategy if you don't necessarily even know what game you're playing? For this, we turn to the relatively young field of probabilistic programming, which enables us to make powerful predictions about adversaries' strategies and behaviour based on observed data.

This talk is intended for a general audience; if you can compare two numbers and know which one is bigger than the other, you have all the mathematical foundations you need.

Speakers

Meredith L. Patterson

By day a mild-mannered build engineer, by night the leader of the Langsec Conspiracy (http://www.langsec.org), Meredith L. Patterson lives in Brussels, Belgium. She wrote and maintains the Hammer parser generator library (https://github.com/UpstandingHackers/hammer), and is currently working on Tongs, a "standard library" of reference implementations of protocol, file format, and message format parsers. When not traveling to far too many...


Tuesday August 5, 2014 14:00 - 15:20
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

C.R.E.A.M. – The Art of Social Engineering Report Writing
1. How to plan a Social Engineering Attack
2. Documenting the Social Engineering Attack
3. Writing the report
   a. Main purpose of the report
   b. What to put in the report
   c. One size does not fit all
   d. Report Structure
      i. Summary
      ii. Intro
      iii. Scope
      iv. OSINT
      v. Findings
      vi. Attack execution
         1. Attack doco
         2. Scope
         3. Summaries
      vii. Recommendations and Remediations
      viii. Closing Summary
4. Presenting your report


Tuesday August 5, 2014 14:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:35

Cut the sh**: How to reign in your IDS.
Intrusion detection systems, Network Security Monitoring. All too often, these countermeasures are portrayed as the ‘boy who cried wolf’, the magical box with blinking lights that does nothing but get the checkbox from $COMPLIANCE_AUDITOR, or that data that gets logged to your magical SIEM somewhere, and is never heard from again. I’m here to show you how to actually cut the shit on your IDS, get actionable intelligence, and make yourself the hunter, instead of the hunted.

This talk will primarily be focused around Snort and Suricata, since for the sake of this talk, they operate about the same, and they are where I got most of my battle scars. I’ll also be introducing resources for standing up your own sensors quickly, and cutting the shit rapidly.

Speakers

Tony Robinson/da_667

Tony Robinson (@da_667) was a born and raised Detroiter. His background in IDS came from the school of hard knocks at Sourcefire (now a part of Cisco) as both a Technical Support Engineer, and Professional Services Consultant. He now works for a large, un-named power company, actively defending your SCADAs.


Tuesday August 5, 2014 14:35 - 15:05
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Using cryptanalysis to speed-up password cracking

Tuesday August 5, 2014 15:00 - 15:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Untwisting the Mersenne Twister: How I killed the PRNG
Applications rely on generating random numbers to provide security, and fail catastrophically when these numbers turn out to be not so “random.” For penetration testers, however, the ability to exploit these systems has always been just out of reach. To solve this problem, we've created “untwister:” an attack tool for breaking insecure random number generators and recovering the initial seed. We did all the hard math, so you don't have to!

Random numbers are often used in security contexts for generating unique IDs, new passwords for resets, or cryptographic nonces. However, the built-in random number generators for most languages and frameworks are insecure, leaving applications open to a series of previously theoretical attacks.

Lots of papers have been written on PRNG security, but there's still almost nothing practical you can use as a pentester to actually break live systems in the wild. This talk focuses on weaponizing what used to be theoretical into our tool: untwister.

Let's finally put rand() to rest.

Speakers

Dan 'AltF4' Petro

Dan Petro is a Senior Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application penetration testing and secure development.

Dan has presented at numerous conferences, including DEFCON, HOPE, and BSides, and is the founding member of the Pi Backwards CTF team...


Tuesday August 5, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Vulnerability Assessments on SCADA: How i 'owned' the Power Grid.
Critical Infrastructure security has been on the news and the talk of the town since 2005. While there are many talks and demonstrations about how to penetrate and exploit SCADA systems, little discussions about the pre-exploitation phase were shared and discussed. I'm talking of course about the Vulnerability Assessment phase. Some may have performed such assessment before and many are curious as to how to start it in the first place. Questions like, what are the methodologies used in performing an assessment on SCADA networks? What information is required before we click the 'Start Scan Now' button? What plugins should be used? And do my scans guarantee that these ultra sensitive systems will not go down? And which approach (automatic or manual) should be used in which situation. This talk is to share my personal experience and challenges faced during a SCADA assessment. I will also give an overview of a typical SCADA environment, the tools used for the assessment, the type of vulnerabilities found and how easy it is for an attacker to potentially 'own' the Power Grid and why the US is vulnerable.

Speakers
Fadli B. Sidek

Security Consultant, BT Global Services
A security consultant by day and a bookworm by night, Fadli works at BT as a penetration tester and has a huge passion in security. He graduated from Murdoch University, Australia with a Double Majors Degree in Cyber Forensics, Information Security Management. He has over 8 years of experience in IT and Security and has written and published security articles in Pentestmag and Hakin9. Besides writing articles, he also took part in CTF...


Tuesday August 5, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

501(c)(3) for (un)fun and (non)profit
So you want to be a non-profit charitable corporation, eh? Do you understand what that means, the amount of work involved, and the restrictions 501(c)(3) places on your fundraising? In this talk, I will review the process Security BSides Las Vegas, Inc. went through to become a 501(c)(3), and discuss the restrictions imposed by being an IRS-recognized charitable organization. I'll also discuss a few options to 501(c)(3), as well as the advantages to federal non-profit status. Participants in this talk will have a better idea of the pros and cons of 501(c)(3) status, and the challenges involved in becoming a 501(c)(3).

Speakers
Tenable Network Security

Recruiting, Tenable Network Security
At Tenable, we are all about innovation, creativity and purpose, with a passion for designing solutions that change people’s lives and make a difference in the world. Network security is one of the world’s fastest growing fields, and our fresh ideas and proven products are revolutionizing the industry. We have big plans for continued global growth in 2016 and beyond, and we are looking for people who are creative, adaptable and...


Tuesday August 5, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:10

Geek Welfare -- Confessions of a Convention Swag Hoarder
Have you ever had to justify to your company why you had to go to that expensive conference and give away all that swag — or why you came back with so much of it? Tired of explaining who “HardOn Soft” is when clients see their coffee mug on your desk? Who needs that many XXXXL T-shirts, anyway?!

Guess what — that’s all money that’s flying out of those companies’ hands with almost no return on investment (ROI)! Even worse, with so many ways to repurpose and repackage 90% of the swag out there, they can’t even claim they’re generating brand awareness!

Learn from a self-diagnosed Swag Hoarder on how to avoid your company wasting its hard-earned money on swag no self-respecting person would use (without a few “alterations”) — or if you’re just another face in the crowd, how to exploit what other companies are up to both by figuring out how to make sure of all the crap- er, ‘promotional material’ they give you, as well as how to win an iPad or other great prizes! (No, I won’t be GIVING one out at this talk, but there are tricks that will make it a lot easier for you to get one at your next big trade show!)

Speakers
Rachel Keslensky

Usability Specialist, Dynamic Marketing Systems
A force from the Southeast Hacker Convention scene, Rachel has picked up plenty of unusual knowledge both from her formal education as well as what she’s picked up on her own from working on her creator-owned graphic novel series, Last Res0rt. Rachel has two degrees from the Georgia Institute of Technology, most recently a Master’s Degree in Human-Computer Interaction. While earning those degrees, she’s also made a name...


Tuesday August 5, 2014 15:10 - 15:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:30

ClusterF*ck - Actionable Intelligence from Machine Learning
Everybody is aware of the buzzword BINGO winning square of "Machine Learning", but how can we apply this to a real problem? More importantly what output can we drive from doing some analysis! This talk will cover clustering (unlabeled data) of file types based off various static features. Then, using information from the clusters, is it possible to automatically generate Yara signatures to go hunting for files that are similar? We believe so, and we'll show you how you can do this at home.

Speakers
David Dorsey

David has been in the security field for over 10 years now. He enjoys static file analysis and tearing apart shellcode. He's starting to add various data analysis techniques to this toolbox when before he would only rely on hex editors, debuggers, and disassemblers.

Mike Sconzo

Mike enjoys attempting to solve/solving interesting security problems with data analysis. He's spent most of his career on the defensive side, and is constantly looking for new ways to detect suspicious and malicious behavior. His background is heavy in network analysis and most of the explored techniques revolve around use cases involved with network forensics. Mike also really dislikes talking about himself in the 3rd person.


Tuesday August 5, 2014 15:30 - 16:10
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:40

Password Security in the PCI DSS

Tuesday August 5, 2014 15:40 - 16:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:40

How Forced Password Expiration Affects Password Choice

Tuesday August 5, 2014 15:40 - 16:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:45

No InfoSec Staff? No Problem.
Every IT organization accessing sensitive data, regardless of their size, must protect that data. Otherwise, your company is exposed to unacceptable risk. However, since cyber attacks on small and medium size businesses (SMB’s) rarely make headlines, it is easy for these IT organizations to develop a false sense of security. Information security is becoming increasingly challenging as both IT complexity and the threat landscape are evolving at an accelerated pace. During this presentation, I will share my methodology, including key, actionable recommendations to help you meet the challenge and manage your IT risk.

Speakers
Anthony Czarnik

Experience on in-house IT teams, independent consulting and as a software vendor, Anthony Czarnik has developed a 360 degree perspective of Information Technology and Security. His professional roles include solutions architect, application developer, project manager, information security practice leader, partner manager, presenter, author, educator and most recently, CEO. Mr. Czarnik has attained extensive information security and risk...


Tuesday August 5, 2014 15:45 - 16:15
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

Anatomy of memory scraping, credit card stealing POS malware
Credit card stealing RAM scraper malware is running amok compromising point-of-sale (POS) systems. Recent breaches have shown that exposure to such attacks is high and there is a lot at risk. This presentation shows how the attack is carried out by looking at the nuts-and-bolts of a home grown malware sample. During the demo we will pretend to be the bad guy and steal information from the belly of the POS process. Then we switch hats, expose the malware to multiple environmental hazards to study its behavior and identify strategies that can be implemented to make it hard for the malware to behave correctly and deter the bad guys. If all goes well, you will walk away with RAM scraping and prevention mojo.

Speakers
Amol Sarwate

Director of Vulnerability and Compliance Labs, Qualys Inc.
As Director of Vulnerability Labs at Qualys, Amol Sarwate heads a worldwide team of security researchers who analyze threat landscape of exploits, vulnerabilities and attacks. He is a veteran of the security industry who has worked for the last 15 years on firewalls, vulnerability scanners, embedded security at McAfee, Hitachi, i2 and other organizations. He has presented his research on various topics like Vulnerability Trends, Credit Card...


Tuesday August 5, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

Malware Analysis 101 - N00b to Ninja in 60 Minutes
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it's time to pass the more serious samples on to the big boys. This presentation covers several analysis environments and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Speakers
grecs

Founder, NovaInfosec.com
grecs has over 17 years experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career since. Currently, he spends his days doing...


Tuesday August 5, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

Protecting Data – How Cultural-Political Heritage Shapes Security Approaches
In Europe, security systems are built with the end goal to safe-keep the privacy of sensitive data. In the U.S., security systems are architected with the goal of securing sensitive infrastructures. Recent revelations about the NSA snooping and international backlash demonstrate the dramatic international differences in privacy vs. security values. Those differences also play out in how security systems are architected. Beginning with “what is the data being protected?” vs. “how do we keep the bad guys out?” will lead to two very different security solutions.

Speakers
Malte Pollmann

CEO, Utimaco
CEO of Utimaco, a leader in high-end hardware-based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets.


Tuesday August 5, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:20

Can I Code Against an API to Learn a Product?
“Can I learn how to use the product my company sells by interfacing with its API?”

That was the question I asked myself when I started at OpenDNS in the marketing department. Having learned and used Python in business school, I decided to create an application that would monitor my organization’s DNS queries and email me a daily list of all new domains.

This talk walks you through my journey of re-familiarizing myself with Python, interoperating with a new product’s API, and massaging the results into a daily alert. The end goal: to create something useful to reference for future development, to learn about the API, and to impress my colleagues - many of whom have no idea that I’m doing this in the first place.

In my talk, I will provide examples of my logic, coding decisions, and any other stumbling blocks I ran into along the way in the hopes that attendees will take the plunge and hack away at something cool to further their knowledge.

Speakers
Adrienne Merrick-Tagore

Adrienne Merrick-Tagore is a unicorn - but by day, she works as Product Marketing Manager at OpenDNS. Prior to joining OpenDNS, she worked in Marketing at WhiteHat Security. Before WhiteHat, she worked in several roles in the Financial Services industry, including Product Management and User Experience Design. Her current focus is simplifying communications between groups, both internally and externally. Having experience in the security...


Tuesday August 5, 2014 16:20 - 16:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:20

Know thy operator
In real world systems, operators are often inundated with alarms which alert when various anomalous events are detected. A software tool was developed that makes use of machine learning methods to allow the operators the ability to prioritize events of high interest. This tool relies heavily on the quality and validity of the data used for training.   

Speakers
Misty Blowers

Dr Misty Blowers works for the US Air Force Research Laboratory in Rome, NY working in the cyber operations branch. She is also a Professor of Data Mining at Syracuse University.


Tuesday August 5, 2014 16:20 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:50

Defense with 2FA

Tuesday August 5, 2014 16:50 - 17:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:50

16:55

Bridging the Air Gap: Cross Domain Solutions
For years the government has been using CDS to bridge networks with different classification levels. This talk will focus on what CDS systems are, how they’re built, and what kind of configurations are common in the wild. Furthermore, we’ll look at testing techniques to evaluate the security of these systems and potential ways to exploit holes in configuration and design. We’ll also look at the ways the commercial world might benefit from a data and type-driven firewall as well as some of the downfalls and negative aspects of implementing a cross-domain system.

Speakers
Patrick Orzechowski

Shifty is a veteran of over a decade in the infosec industry, some computer science schooling, dozens of conferences, and multiple brain-arcings. His particular area of interest is data-driven security, whether it’s mining actionable intel from mountains of metadata or protecting systems from unwanted activity. He spent a significant amount of time certifying and penetration testing Cross Domain Solutions for the government with varying degrees...


Tuesday August 5, 2014 16:55 - 17:25
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

Cluck Cluck: On Intel's Broken Promises
Cluck Cluck presents an architectural, OS-independent method for accessing arbitrary physical memory from kernel shell-code or forensics memory acquisition tools where the virtual addresses of the paging structures are not known -- 'breaking out' of virtual memory. Currently, the virtual address for the page directory is hard coded in the kernel, but this is specific to each OS and version thereof. Cluck Cluck solves the chicken and egg problem (needing access to the page structures to gain access to the page structures) at an OS-independent, architectural level, highlighting how a newer Intel feature violated existing guarantees.

Speakers
Jacob Torrey

Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc, where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the...


Tuesday August 5, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

Travel Hacking With The Telecom Informer
People who know that I have visited all seven continents tell me all the time, “I could never travel as much as you do.” Granted, North Korea, Antarctica and Myanmar are not for everyone, but if you’re living in the developed world, travel is very much within your reach. All you need is flexibility and your hacker ingenuity. In this talk, you’ll learn why you should travel, and how you can do it for little or nothing by applying hacker ingenuity and using travel hacks.

Speakers
TProphet

Telecom Informer, 2600: The Hacker Quarterly
Legend of lounge and creator of chill TProphet has played for audiences all over the world. As co-founder of Queercon and Photosynthesis Festival and member of the Immersion System and GoaProductions DJ collectives, TProphet has bridged music and hacker culture for over a decade.


Tuesday August 5, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

FAP Fully Automated Pwning Techniques for Automated Reversing
Techniques to fully automate finding certain vulnerabilities while reversing have become much easier due to research using XUtools (extended grep and diff). This talk will explore these newly discovered automated techniques for reversing. Join us while we help to demystify certain aspects of reversing while pissing off prima donna reversers. What more can you ask for in an underground talk?

Speakers
Edmond 'bigezy' Rogers

Bigezy is actively involved as an industry participant in many research activities in UIUC's ITI’s TCIPG Center, including work on NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Prior to joining ITI, Bigezy was a security analyst at a Fortune 500 investor-owned utility. Bigezy was a security manager and network architect for a transfer agent for 43% of all mutual funds. He began his career by founding of the first...


Tuesday August 5, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:10

Improving security by avoiding traffic and still get what you want in data transfers
Critical infrastructure systems are frequently constructed with components never designed for use in today's networked environment. While security conscious enterprises have extensive security mechanisms, these do not immediately transfer to many of our critical infrastructure networks. And yet we still need to move data in and out of them safely. This talk examines how to use the computer science concept of state to provide the equivalent of system isolation from hostile traffic on the network. Forget firewalls, air-gaps, and VPNs, and learn to embrace state transfers. This talk will explore the use of state transfer as a safer alternative to network data transfers. As more and more of our critical infrastructure is using TCP/IP networking and being connected via the Internet, methods to isolate the systems from a traffic signal point of view offer the best current technology to protect our networks, both operational technology (OT) and IT. This talk will give real world examples showing how to maintain all desired functionality, and yet sever the connection to unwanted signals carried in network traffic.

Speakers
Art Conklin

Associate Professor, University of Houston
Wm. Arthur Conklin is an Associate Professor and Director of the Center for Information Security Research and Education in the College of Technology at the University of Houston. He holds two terminal degrees, a Ph.D. in Business Administration (specializing in Information Security), from The University of Texas at San Antonio (UTSA) and the degree Electrical Engineer (specializing in Space Systems Engineering) from the Naval Postgraduate...


Tuesday August 5, 2014 17:10 - 17:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:30

Back Dooring the Digital Home
This talk will cover a high level vulnerability analysis of a modern digital home security system, which includes technologies such as an android touch screen, wireless motion sensors, cameras, zigbee components, mobile application(s), digital door locks, and thermostats.

Speakers
David Lister

David has been active in many areas throughout the past 15 years, including roles as a sysadmin, developer, network engineer, firewall guy, appsec dude, and pentest monkey. He holds a Master's degree in Infrastructure Assurance, along with certifications such as OSCP, CCISO, CISSP, CASP, CCNA, CEH, ECSA, CPT, RHCSA, security+, cloud+, and probably some others, but does not include them all in every email signature. Currently David is a Security...


Tuesday August 5, 2014 17:30 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:00

I have the hashcat so I make the rules

Tuesday August 5, 2014 18:00 - 18:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:00

Authentication in the Cloud – Building Service

Tuesday August 5, 2014 18:00 - 18:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:00

The Semantic Age - or - A Young Ontologist's Primer
As Big Data and Machine-Learning start to make strides into Infosec, most of the rest of us are still working in SQL databases, CSV files and glueing things together with python and javascript - while the folks with the Math degrees seem to be having all the fun with the data. Well, no more. We're information security practitioners: data is nice, but information is better - but how can we go from wikis, notes and whitepapers to processing the information we generate and doing something fun with that? Semantic Data systems open up machine learning and reasoning to the rest of us, with plain-language operations and natural language storage of information, not data. The Semantic Web has been around since the early days of the web, but is still misunderstood, and difficult to get into - so I've done all the hard work for you already - come and learn some practical tools, technologies and techniques for encoding the 'things we know' on top of the 'things we have' and show the world that you don't need a PhD in Applied Mathematics to come take part in the emerging world of information-driven information security.

Tuesday August 5, 2014 18:00 - 18:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:40

Penetrate your OWA

Tuesday August 5, 2014 18:40 - 19:10
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:40

How EFF is Making STARTTLS Resistant to Active Attacks
Speakers
Yan Zhu

Yan Zhu is a Staff Technologist with EFF. Yan writes code and words to enable pervasive encryption and protect Internet users' privacy. Besides maintaining HTTPS Everywhere at EFF, she is a core developer of SecureDrop and founder of the Worldwide Aaron Swartz Memorial Hackathon Series. In her spare time, Yan writes about the intersection of computer security and humans and tries to find interesting ways to break web applications. She holds a B.S...


Tuesday August 5, 2014 18:40 - 19:10
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

19:10

Surprise talk + advisory release

Tuesday August 5, 2014 19:10 - 19:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV
 
Wednesday, August 6
 

09:00

You Hack, We Capture: Attack Analysis with Honeypots
Honeypots are systems aimed at deceiving malicious users or software that launch attacks against the infrastructure of various organizations. They can be deployed as protection mechanisms for an organization’s real systems, or as research units to analyze the methods employed by human hackers or malware. In this workshop we will study the operation of two research honeypots. A honeypot system will undertake the role of a web trap for attackers who target the SSH service. Another one will undertake the role of a malware collector, usually deployed by malware analysts to gather and store malicious binary samples. We will also talk about post-capturing activities and further analysis techniques. Furthermore, visualization tools and techniques will be presented, plus a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and many more related utilities, which can make the deployment of honeypots an easy task.

Speakers
Ioannis Koniaris

Software Engineer (Security Team), Yelp
Ioannis is an Information Security engineer and researcher, working to protect company assets, data and operations. His general interests are programming, security, development operations (DevOps) and cloud computing while his academic interests include honeypots, honeyclients, botnet tracking, malware analysis, intrusion detection and security visualization. Ioannis has released a number of utilities to aid information security professionals...


Wednesday August 6, 2014 09:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

09:00

Wireless Essentials
This class will cover the essentials of using Pentoo, current and emerging 802.11 wireless threats, and the wonderful world of Software Defined Radios. A completed bootstrapped curriculum that will provide new tips and tricks for the advanced, and a completely new experience to those who are just now learning about any of these topics. The class is broken into four parts so that students can come and go as they please.

Speakers
DaKahuna

Radio Frequency is my game and Wireless is my hobby. Part of the five-man team teaching the two-day Wireless course at BSidesLV and lead coordinator for the Defcon Wireless Village. By day I can be found supporting a large government agency reviewing and criticizing network and security architectures, advising on matters related to information assurance and information security policies, standards and formal guidances. By night I enjoy snooping...

Russell Handorf

Built, owned and operated a wireless ISP for 6 years; Infosec professionally for 10 years (unprofessionally for 15); information security researcher (wireless, attacker attribution techniques, honeypots); and other things.

Rick Mellendick

CSO, Signals Defense
Rick Mellendick is the Chief Security Officer for Signals Defense in Owings Mills MD, and has been a security architect for multiple US Government agencies and corporations. Mr. Mellendick specializes in designing and testing wireless networks with non-traditional strategies using offensive techniques. He has over 17 years of IT and security experience, is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag...


Wednesday August 6, 2014 09:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

All your SAP P@$$w0ЯdZ belong to us

Wednesday August 6, 2014 10:00 - 10:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

Proof of work as an additional factor of authentication

Wednesday August 6, 2014 10:00 - 10:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

iOS URL Schemes: omg://
Have you ever clicked a phone number in Safari to get the phone app to call that store/car dealership/pizza place you were searching for?

In iOS, this interaction between apps happens via URL schemes, which are available to Apple applications as well as third party applications. Everyone uses them without noticing they exist. They are the most flexible of the imperfect methods available right now.

They are, however, a source of user input that should never be trusted as safe. In this presentation, we will look at real life examples of implementations of URL Schemes that could lead to issues such as destruction of data or help a malicious person identify an iOS user.

We will also look at simple ways to improve URL Scheme security for users of your apps as well as how to find URL Scheme vulnerabilities, for the ones out there who would like to help out.

Speakers
Guillaume Ross

Senior Security Consultant, Rapid7
Guillaume provides customers with expert advice to help define a program that fits their needs and meets their key business objectives. He has more than 10 years of experience in security and IT, and has worked with a variety of clients, including Fortune 1000 companies and organizations across various vertical industries, such as finance, mining, education, engineering, and transportation. He is known for exposing security issues related to...


Wednesday August 6, 2014 10:00 - 10:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

A Better Way to Get Intelligent About Threats
There is a lot of talk about sharing and the security of our data. A recent Ponemon Report on Exchanging Cyber Threat Intelligence states that current threat sharing mechanisms are broken. Data is not timely enough, scalable or actionable as it often lacks context to a type of threat or actor. Today, government, military, and private organizations do share through unofficial channels (spreadsheets, email listservs, and “fight clubs”), but the time has come for security teams to have a tool to aggregate and analyze the influx of data coming in. More than a feed, and more than a SIEM, the future of threat intelligence lies in the threat intelligence platform.

A threat intelligence platform should achieve many things, but most importantly it should offer a singular platform to aggregate, analyze, and act on threat intelligence data as well as offer options for context, sharing, and privacy. Any mature security organization should consider how and from where they are gathering their data, and what they then do with it.

Attend this session to learn what a threat intelligence platform is and why you need one, and the real-life use-cases to sharing data, keeping it private to only those you wish to share with, and the benefit to collaboration at a large scale to achieve a predictive defense and ensure your threat data is being optimized to the fullest.

Speakers
Adam Vincent

CEO, Cyber Squared Inc.
Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the...


Wednesday August 6, 2014 10:00 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

The untold story about ATM Malware
Everyone talks about ATM Malware, and we can see videos on the Internet of these machines being hacked, but no one explains HOW an attacker can take control of an ATM and command it to dispense the money at will.

Is it possible to control an ATM from a cell phone? What about a Man-in-the-middle attack to intercept the traffic between the ATM and the bank?

Come to my talk and learn these and many other techniques used by hackers from Venezuela to Russia who are emptying ATMs without restrictions.

Speakers
Daniel Regalado

Sr. Malware Staff Researcher, FireEye
Daniel Regalado aka Danux is a Reverse engineer, Malware and Vulnerability researcher. He was responsible for dissecting the latest dangerous ATM malware named Ploutus as well as many other different Advanced Persistent Threats. He is the lead author of the Gray Hat Hacking book, 4th Edition, to be released by the end of 2014.


Wednesday August 6, 2014 10:00 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

Introduction and Overview: I Am The Cavalry and Empowering Researchers

This session will kick off a day of sessions to empower researchers to make positive change, run by BSidesLV and I Am The Cavalry. The goal is to define the problem space, inspire people to take a leadership role in solving security problems and build up the skills needed to succeed. 

This session gives an introduction and overview of I Am The Cavalry, an update on the current status and activities, an outlook for the future as well as a rundown of the day’s event.

Speakers
I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.


Wednesday August 6, 2014 10:00 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:00

Business lessons that made me a better Security Professional
Case study of a three year journey of starting and managing a security non-profit.  Will talk about lessons learned from the experience and successes and failures.  Additionally, will also talk about how the non-profit has made a positive impact on the local community and how the lessons learned are also applicable to other facets of one's life and job. Building a non-profit can help break down "echo chambers".

Speakers

Tony Vargas

Technical Leader, Engineering and Security Strategist, Cisco
Tony is a Technical Leader and Security Strategist of Engineering. He is a Distinguished Subject Matter Expert (SME) in Application Security, Security Awareness, IT Security, Cloud Computing and Software Development. He provides both technical leadership and consultation in all of these areas. He often speaks about security at various conferences. He Co-founded and is President of a security non-profit. Tony is also the Chair of (ISC)2's...


Wednesday August 6, 2014 10:00 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:30

Target specific automated dictionary generation
Speakers

Wednesday August 6, 2014 10:30 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:30

The future of mobile authentication is here
Speakers

Wednesday August 6, 2014 10:30 - 11:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

10:35

Oops, That Wasn't Supposed To Happen: Bypassing Internet Explorer's Cross Site Scripting Filter
There's a problem with Internet Explorer's anti-Reflective Cross Site Scripting filter. A problem Microsoft knows about, but has decided not to fix. Drop on by and learn a method for bypassing the anti-XSS filter in all versions of Internet Explorer.

Speakers

Carlos Munoz

Carlos Munoz still considers himself relatively new to the world of Information Security, coming from the field of Mechanical Drafting & Design. For the past two and a half years he has focused on Web Application vulnerability assessment and light penetration testing,


Wednesday August 6, 2014 10:35 - 11:05
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

Bring your own Risky Apps
BYOD is a cute and harmless-sounding acronym for a trend that is in reality introducing exponentially more risk to end-users and organizations. The common refrain is to seek out and secure your smartphones and tablets from malware and other malicious software which can wreak havoc on a device and completely ruin its integrity. However, BYOD is about more than just introducing hardware; it also brings the issue of BYOApps. Layers of protection covering both the device operating system and the apps running on it are required for a comprehensive solution to this problem, which is actually deeper than it seems.

In this co-hosted 45-minute presentation, we will present several real-world case studies of:

- How easy it is to App side-jack to gain root (Jailbreak)
- How a popular app like Flappy Bird can be trojan-ized to defeat two factor authentication.

While the industry loves to talk about sexy malware exploit scenarios, few are exploring the risks that BYOD and BYOApps are introducing, by bringing apps that are hungry for user/private data into the workplace.

Does a flashlight app really need access to a corporate address book or calendar? Should a doc-signing app transmit passwords in clear-text? Should a productivity app have access to corporate email attachments and be able to store them to DropBox? As we scratch beneath the surface, the real security issue is deeper rooted in policy decisions that now must be made on which app behaviors should be allowed in an enterprise environment.

BYOD has really become BYOApps, bringing with it a new layer of complexity with risks outside of obvious issues like malware. Organizations must make policy decisions about behaviors in apps and look for ways to enforce customized policy. A new approach defines the future of how mobile threats will need to be addressed in an automated and scalable way.

Speakers

Domingo Guerra

President & Founder, Appthority
Domingo Guerra is the President and Co-founder of Appthority. Domingo was born and raised in Monterrey, Mexico, and moved to the United States at age 18 to pursue his passion for technology. Domingo is a weekly contributor to the Appthority App Security blog and authors Appthority's semiannual App Risk Management Report, which exposes the security risks of iOS and Android's most popular apps. Domingo has Product Design, Development...

Michael Raggo

Director, Security Research, MobileIron, Inc.
Michael T. Raggo, Director of Security Research, MobileIron, Inc. has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress. A former security trainer, Michael has briefed the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent...


Wednesday August 6, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

Using Superpowers for Hardware Reverse Engineering
Superpowers, normally used by superheroes in the battle of good versus evil, are also accessible to engineers and hackers in equipment used for failure analysis and verification of PCB fabrication and component assembly processes. In this mostly visual presentation, Joe shares his experiences of using lasers, X-rays, and sound waves to facilitate the reverse engineering of electronic products and circuit boards.

Speakers

Joe Grand

Hardware hacker, engineer, runner, daddy.


Wednesday August 6, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

Problem Space Overview: I Am The Cavalry
Overviews and updates on each of the primary areas of focus over the past year - medical devices, automotive, home electronics, public infrastructure and policy. 

Speakers

I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.


Wednesday August 6, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00

Reverse Engineering Mac Malware
Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such as callout domains, file download URLs or IP addresses, and dropped or modified files. These methods have long been used on Windows malware...so why not Mac malware? This presentation introduces the audience to methods, tools, and resources to assist reversing Mac binaries with a Mac. Topics include the Mach-O file format, virtualization, analysis VM setup, and various analysis tools (native and 3rd-party). This presentation is intended for those familiar with dynamic analysis (with a touch of static thrown in) or for those reverse engineering masters of the Windows executable to get an introductory idea of how to start analyzing Mac malware.

Speakers

Sarah Edwards

SANS Author & Instructor of FOR518, SANS Institute
Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at the following industry...


Wednesday August 6, 2014 11:00 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:10

What I've Learned As A Con-Man
This is a presentation of case studies from past experience and what I have learned from each case in regards to social engineering and the Human Psyche.

Speakers

Master Chen

VoIP Administrator, Stimulus Technologies
Techno-enthusiast. Hacker. Student of Life. Teacher of Shaolin.


Wednesday August 6, 2014 11:10 - 11:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:10

Bitslice DES with LOP3.LUT
Speakers

Wednesday August 6, 2014 11:10 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:10

Password hashing delegation: How to get clients work for you
Speakers

Wednesday August 6, 2014 11:10 - 12:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:45

Training with Raspberry Pi
One of the biggest questions facing people trying to learn how to hack is “How do you practice without committing a felony?” Wi-Fi is one of the easiest things to break, but it still requires practice to be proficient. To practice, you can either go after a random Wi-Fi network or you can create your own target network. Using an old router is fine, but the passcode has to be changed manually. A Raspberry Pi was turned into a Wi-Fi access point using Hostapd. The goal was to create a hackable target that changes the access code every time it boots.

The Hostapd configuration file has an issue where you cannot store the WEP Key as a variable and then call that variable when the key is defined. This prevents urandom from being used to create a random key. A shell script was written to create the config file every time the Pi boots. This allows for the creation of a random key that can be inserted into the config file before hostapd loads. For verification purposes, the key is logged with creation date and time in a separate monitoring file.

To increase the training benefits of using the Pi platform, a web server was added and vulnerable web apps are hosted. This creates a training platform where both Wi-Fi and web app hacking can be practiced. The ultimate goal is to have a device where you break the Wi-Fi, gain root on the Pi, and force it to reboot. Once it reboots, a new passcode is in place, and the process must start all over. This way, the challenge stays fresh and engaging, and previously collected key material cannot be reused.

Speakers

Nathaniel Davis

Nathaniel has worked in the field for more than three years. He started in policy and moved into network architecture. He now works as a security consultant. His interest in hacking has always been there, but it really started in earnest after wanting to understand how the security threats worked. Nathaniel started researching ways to learn and to practice. His current area of interest is wireless networking.


Wednesday August 6, 2014 11:45 - 12:15
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Invasive Roots of Anti-Cheat Software
Some of the most sophisticated rootkit behaviors are implemented by today's anti-cheat gaming software, in a constantly evolving game of cat and mouse. Game hackers often look for flaws in a system or program’s logic, seeking to exploit them for their own performance gains. As cheats evolve to evade detection, so do the anti-cheat software products, employing hooking mechanisms to catch the newest subversions. Often the effectiveness of an anti-cheat implementation will affect legitimate users’ enjoyment (no one likes to play with cheaters, even cheaters themselves!), making it highly profitable for game developers to focus on improving this technology and expediently identifying game hackers. As a natural consequence, anti-cheat software has grown more invasive and intrusive. For example, a recent version of VAC (Valve's Anti-Cheat Software) was found to scrape gamers' system DNS cache in order to spot commercial game cheats and ban users. Just what else is being extricated from our gaming systems and which products are the worst offenders?

By analyzing system memory, several anti-cheat software implementations will be isolated. With a cadre of reverse engineers, we will walk through just how these products are monitoring for game hacking behavior and if any of these techniques call into question aspects of their End User License Agreements.

Speakers

Alissa Torres

Alissa Torres is a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments and...


Wednesday August 6, 2014 12:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Why am I surrounded by friggin' idiots?!? (Because you hired them!)
Let’s face it… Many people have better luck at the craps table than they do hiring the right candidate for their INFOSEC opening. Making matters worse, most of us have come from a purely technical background and don’t know the faintest thing about building our own team. There can be nothing more disheartening than finding out that you've hired the wrong guy, or worse yet, let the *right* one walk away. In this presentation we will discuss strategies for making sure the best new employee makes it in the door. This includes everything from recruiting, prescreening, reviewing resumes, conducting good interviews, and asking tough interview questions. This talk is aimed towards both managers who are tasked with hiring and interviewees who want to make sure they are at the top of their game.

Speakers

Stephen Heath

Director of Security Services, Intrinium
Stephen Heath is an INFOSEC/pentester guy who has over a decade of experience in the security industry. He currently serves as Director of Security Services at Intrinium in the Pacific Northwest. He is a theatre fan, lefty wonk, NW sports fanatic, hip hop historian, cinephile, world traveler, father to a 2-year-old, and all around serious nerd.


Wednesday August 6, 2014 12:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Secret Pentesting Techniques Part Duex
As pentesters, we all have special techniques and tricks we use that make our jobs a lot easier. A few years back, I presented at BSIDES LV on some of the cool techniques that I use on a regular basis. This talk will dive down into all of the new techniques and latest and greatest hacks to make pentesting something easy and successful. This talk will also discuss how to mitigate some of the techniques and attacks.

Speakers

David Kennedy

TrustedSec & Binary Defense Systems
Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Tester's Guide", the creator of the Social-Engineer Toolkit (SET), and...


Wednesday August 6, 2014 12:00 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00

Building Skills, Understanding and Influencing People

The directed sessions will use a facilitated Question and Answer format called A&Q. In this format, a primary speaker will cover the topic at a high level for 10 minutes, priming the audience for a 15 minute interactive discussion into specific audience questions. 

12:00 A&Q Session: Public Policy (Paul Rosenzweig)

12:30 A&Q Session: Communications/Presentation (Keren Elazari)

13:00 Lunch Session: Guilds (Chort0)

13:30 Lunch Session: Biggest surprises (Josh Corman)

14:00 A&Q Session: Media (Jen Ellis)

14:30 A&Q Session: Disclosure (Katie Moussouris)

15:00 A&Q Session: Legal (Andrea Matwyshyn)

15:30 A&Q Session: Public Policy (NKryptr)

16:00 A&Q Session: Burnout ()

16:30 A&Q Session: X Altruism (Andrea)

17:00 A&Q Session: Career (Beau Woods)

17:30 Wrapup and Next Steps (Josh Corman)

  • Media - Journalists and media are a powerful way to influence public perception and to get our message out. They have their own internal operations and public interface that we can tap into like an API.

  • Legal - The legal system has a regular and standardized set of processes, outcomes and roles. Understanding these is key to influencing precedent so that it reflects the current technical landscape.

  • Public Policy - Understand the influencers, decision makers and processes that go into making new laws and administering existing ones.

  • Career - How you choose and follow your career path shouldn’t be a random walk and shouldn’t be set in stone. Use your career to maximize your satisfaction and impact.

  • Burnout - The complex state of Burnout is one that affects many in our industry, but help and resources are rare. Learn what it looks like and how to deal with it.

  • X Altruism - Extreme Altruists go out of their way to try and do the right thing, regardless of what others may think or what harm they may face. But these features can become bugs if they don’t find the right outlet.

  • Disclosure - Handling the delicate issue of notifying manufacturers about security vulnerabilities when packets meet blood and bone.

  • Communications - Many of us are less afraid of shaking hands with SSL or modems than real people. But that doesn’t mean we can’t effectively get our ideas across to manufacturers, managers, politicians or parents.



Speakers

I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.


Wednesday August 6, 2014 12:00 - 17:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:10

Net hashes: A review of many network protocols

Wednesday August 6, 2014 12:10 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:10

Throw the User ID Down the Well
Speakers

Wednesday August 6, 2014 12:10 - 13:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:20

Black Magic and Secrets: How Certificates Influence You!
Public key certificates are becoming more and more prevalent in software. These certificates are used in more places than just protecting web connections over HTTPS. They are used for authentication, trust, identification and secret trading within apps, behind firewalls and even between services. But, these black magic cryptography tools are only as secure as the code that implements them! Come see how bad practices, designs and testing habits can leave systems vulnerable and prone to exploitation!

Speakers

Robert Lucero

Software Engineer in Test
Robert Lucero is a physics major turned software developer. He has nine years of software development experience working on various projects at Microsoft and more recently at Okta. There’s more stuff on his LinkedIn profile, but he’ll probably tell you more over a beer.


Wednesday August 6, 2014 12:20 - 12:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Attacking Drupal
Drupal is a very popular content management system that has been widely adopted by government agencies, major businesses, social networks, and more -- underscoring why understanding how Drupal works and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester's perspective of Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open-source and can be downloaded and implemented following the presentation.

Speakers

Greg Foss

Head of Global Security Operations, LogRhythm Labs
Greg Foss is LogRhythm’s head of Global Security Operations and a Senior Researcher with Labs – tasked with leading both offensive and defensive aspects of corporate security. He has just under a decade of experience in the information security industry with an extensive background in ethical hacking and penetration testing, focusing on Web application security and red teaming. Greg holds multiple industry certifications including the OSCP...


Wednesday August 6, 2014 14:00 - 14:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Vaccinating Android
The number of mobile applications is rising and Android still holds a large market share. As the number of applications grows, we need better tools to understand how applications work and to analyze them. There is always the question of whether we can trust mobile applications to do only what they are allowed to do and whether they are really secure when transmitting our personal information to different servers. In the presentation, some runtime techniques will be discussed and a tool will be released that offers two approaches to analyzing Android applications. The basic principle of the first approach is to inject a small piece of code into the APK, then connect to it and use Java Reflection to modify values at runtime, call methods, instantiate classes and create your own scripts to automate work. The second approach offers much the same functionality, but can be used without modifying the application. It uses Dynamic Dalvik Instrumentation to inject code at runtime, so that modifying APKs isn't necessary. The tool is Java-based and simple to use, but offers quite a few new possibilities for security engineers and pentesters.

Speakers

Milan Gabor

CEO, Viris
Milan Gabor is the Founder and CEO of Viris, a Slovenian company specializing in information security. He is a security professional, pen-tester and researcher. Milan is a distinguished and popular speaker on information security. He has previously been invited to speak at various events at different IT conferences in Slovenia and loves to talk to IT students at different universities. He also leads and teaches ethical hacking. He is always on a hunt for...


Wednesday August 6, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Demystiphying and Fingerprinting the 802.15.4/ZigBee PHY
Producing IEEE 802.15.4 PHY-frames reliably accepted by some digital radio receivers, but rejected by others---depending on the receiver chip's make and model---has strong implications for wireless security. Attackers could target specific receivers by crafting "shaped charges," attack frames that appear valid to the intended target and are ignored by all other recipients. By transmitting in the unique, slightly non-compliant "dialect" of the intended receivers, attackers would be able to create entire communication streams invisible to others, including wireless intrusion detection and prevention systems (WIDS/WIPS).

These scenarios are no longer theoretic. We present methods of producing such IEEE 802.15.4 frames with commodity digital radio chips widely used in building inexpensive 802.15.4-conformant devices. Typically, PHY-layer fingerprinting requires software-defined radios that cost orders of magnitude more than the chips they fingerprint; however, our methods do not require a software-defined radio and use the same inexpensive chips.

Knowledge of such differences, and the ability to fingerprint them is crucial for defenders. We investigate new methods of fingerprinting IEEE 802.15.4 devices by exploring techniques to differentiate between multiple 802.15.4-conformant radio-hardware manufacturers and firmware distributions. Further, we point out the implications of these results for WIDS, both with respect to WIDS evasion techniques and countering such evasion.

This is joint work with Travis Goodspeed, Rebecca Shapiro, and other good neighbors.

Speakers

Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D. in Mathematics from Northeastern University and worked at BBN Technologies on natural language processing research before coming to Dartmouth.

Ira Ray Jenkins

Ira Ray Jenkins is a Ph.D. student at Dartmouth College. He aspires to make micro-controllers do things they don't expect. Sergey Bratus is a Research Associate Professor at Dartmouth College. He enjoys sending his students on quests to find "weird machines" in the jungles of New Hampshire. Ray and Sergey will be presenting this work on behalf of many fine neighbors with whom they've worked, both at Dartmouth College and elsewhere.


Wednesday August 6, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Energy-efficient bcrypt cracking
Speakers

Wednesday August 6, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Password Generators & Extended Character Set Passwords

Wednesday August 6, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

Ripped from the Headlines: What the news tells us about Information Security Incidents
Take a scientific look at information security incidents reported in the public news sources.  This talk introduces the VERIS Community Database (VCDB), a research project aimed at gathering news articles about information security incidents, extracting data, and serving as a public repository of breach data suitable for analysis and research.  We will discuss how to apply the methodology of the Data Breach Investigations Report (DBIR) to public data to answer research questions, and how this view of information security incidents differs from the DBIR.

Speakers

Kevin Thompson

Kevin Thompson (@bfist) is a Risk and Intelligence Researcher with the Verizon RISK Team and one of the authors of the Data Breach Investigation Report. Kevin has worked in health care, higher ed, and defense and has 17 years of IT experience. He is a member of the Society of Risk Analysts, and the Society of Information Risk Analysts and holds various security certifications

Suzanne Widup

Suzanne Widup (@SuzanneWidup) is a member of the Verizon RISK Team and a co-author of the Verizon Data Breach Investigations Report. She focuses on data breach research and has published a series of papers and articles on the topic. She is also the author of Computer Forensics and Digital Investigation with EnCase Forensic, which publishes in May 2014. Kevin Thompson (@bfist) is a Risk and Intelligence Researcher with the Verizon RISK Team...


Wednesday August 6, 2014 14:00 - 15:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00

RFID Hacking
Learn the basics of RFID hacking. In this workshop you will be guided through building an RFID sniffer using an Arduino and any RFID reader to output the card data of a prospective target. You will also build a complete RFID sniffer/decoder and “RFID exciter” to energize cards and read them from record distances (up to 10ft). Cost for this workshop is $33 USD (if you want to build your own boards; coils and batteries included). Required tools/experience: laptop, Arduino (not required, but suggested); basic soldering skills are suggested but not required as well. Soldering irons will be provided.


Wednesday August 6, 2014 14:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:35

Hackers vs Auditors
A view into what hackers are about and what auditors are about, comparison and contrasting.

Speakers

Dan Anderson

President, ISACA Utah Chapter
Dan Anderson has spent his life developing and implementing communications between systems and developing systems and applications in Military, Healthcare, and Mining. First, for the USAF, working on Navigation Systems on various aircraft, then in the Gold Mining industry for RTZ/Kennecott Utah Copper, and finally in the Healthcare Industry for Intermountain Healthcare. He has a background in Electrical Engineering and Chemistry with emphasis...


Wednesday August 6, 2014 14:35 - 15:05
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Insider Threat Kill Chain: Human Indicators of Compromise
Your organization’s greatest assets are also its greatest threat: People. Your greatest risks are those you trust.

The intentions of these insiders can be sabotage, fraud, intellectual property theft or espionage. However, in many cases, patterns of detectable behavior and network activity emerge that provide indicators of risk, assist in early detection and in speeding up response time of an actual incident.

Speakers

Ken Westin

Ken is a creative technologist with 16 years' experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented at DEF CON, RSA, Black Hat and BSides around the country and other conferences. In the past he developed forensic and data mining tools to aid in the unveiling of...


Wednesday August 6, 2014 15:00 - 15:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Security testing for Smart Metering Infrastructure

In July 2010, BC Hydro, the electric utility and grid operator of British Columbia, began implementation of its Advanced Metering Infrastructure (AMI) program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation.

An AMI program requires the introduction of many new devices and applications into a utility’s infrastructure. Some of these devices and software may have never been deployed before anywhere in the world. Many are field deployed, outside of the utility’s physical and cyber security perimeters.

Security teams within utilities need to take responsibility for the end-to-end security of an AMI program. Traditional approaches may not be sufficient to deliver this security. A new approach including pen testing specialists and third-party labs may form an important part of this security.

A standards-based approach will be required to ground the security and penetration testing both in best practice and in a common set of principles that the utility and its partners can accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force can form the basis for creation of the test plans. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems.

For successful outcomes it is important to consider emerging new factors. These are discussed in the presentation.

Speakers

Robert Hawk

Principal Consultant, RBH Enterprises
Robert Hawk began working as a Private Investigator and Security Consultant in the metropolitan Vancouver area in 1988. In 1995 Mr. Hawk began working in Information Technology and Information Systems. He now specializes in the fields of Information Systems Security, Computer Security, Cyber Security, and Information Assurance. For the last four years Mr. Hawk has been working in the energy and utility industries with a focus on security...

Steve Vandenberg

Security Team Lead, British Columbia Hydro
Steve Vandenberg has held a variety of technical and leadership positions with General Electric, Hess, the US State Department and BC Hydro, the British Columbia electric utility. Steve has worked in the Middle East, Asia, Europe and the Americas in the areas of SCADA and Controls Engineering, Cyber Security, Securing and Integrating New Systems, Critical Infrastructure Protection and Emerging Threats. Steve was responsible for the...


Wednesday August 6, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00

Fuck These Guys: Practical Countersurveillance
We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the Internet, and sharing them with my friends.

Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the Internet, one encrypted bit at a time.

Speakers

Lisa Lorenzin

Lisa Lorenzin is a network security geek; in her day job, she's worked in a variety of Internet-related roles since 1994, with the past 15 years focused on network and information security. She's currently interested in free speech, privacy, digital rights, and global Internet freedom.


Wednesday August 6, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:10

The problem with the real world
Speakers

Wednesday August 6, 2014 15:10 - 15:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:10

Encryption and Authentication: Passwords for all reasons
Speakers

Jeffrey Goldberg

Chief Defender Against the Dark Arts, AgileBits
Jeffrey Goldberg is the Chief Defender Against the Dark Arts at AgileBits, creators of the password manager 1Password.


Wednesday August 6, 2014 15:10 - 15:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:10

Third-Party Service Provider Diligence: Why are we doing it all wrong?
The demands of Third Party Service Provider vendor due diligence and compliance management are growing rapidly in light of increased emphasis on these programs by regulators as well as outsourcing to reduce operational costs. Historically, vendor diligence programs have not adequately and consistently addressed proactive identification of potential risks, ongoing competence of the third party service provider, and production of a vendor management program that truly aligns with business strategies, identifies the risks commensurate with the complexity of the business environment, and produces a clear measure of the effectiveness of the provider.

In addition, service providers suffer under the burden of the sheer number of diligence questionnaires, lack of consistency in them, inconsistent workload, and resource conflicts with compliance and sales efforts. Diligence response is potentially labor intensive with the possibility of providing no return on the investment.

Aimed at third party service providers and businesses with vendor diligence programs, this presentation looks at case studies from real service providers and their customers to exemplify the ways that traditional vendor management fails to meet the objectives of today’s business and the regulatory environment. It then proposes a means to rectify these failures and evolve vendor due diligence programs to the next step. Participants will learn how to establish the goals of the vendor diligence program, understand the scope of the product and its potential impact on their environment, define a central body of knowledge, address only what is important, and iteratively evolve their diligence process to provide a more valuable product in less time.

Speakers

Patrice Coles

Patrice Coles works for a large service provider with multiple product lines where she manages compliance and customer vendor due diligence response. Her areas of expertise include building and growing compliance and vendor response programs from scratch for startups, service providers, and Fortune 50 companies. Her master’s degree in Information Assurance, coupled with a 15-year history of consulting, building and implementing IT audit and...


Wednesday August 6, 2014 15:10 - 15:40
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:30

A Place to Hang Our Hats: Security Community and Culture
Contrary to popular belief and media depictions, hacking is a social endeavor. By examining the evolution of various hacking groups and collectives over the years, we can glean valuable insight into the structure of today’s hacking space and security culture. From white hat companies to prison, we look at how innovation in exploits and anonymity have reformed and regrouped the hacking clubs of yore.

Speakers

Domenic Rizzolo

Domenic Rizzolo is a Security Research Intern in the Duo Labs division of Duo Security, studying Math and Complex Systems at the University of Michigan. He’s very interested in what exploring security and hacking culture from an historical context can tell us about modern security issues. He has no hat, as he is a very recent addition to the Duo Security team and the infosec community. Generally, he is interested in analytic solutions to social...


Wednesday August 6, 2014 15:30 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:45

Pwning the hapless or How to Make Your Security Program Not Suck
Customer data is our business. Whether within the financial or healthcare industries, the root of our business is to safely house and transmit information to and from trusted parties.

With the growing demand of increased access – in healthcare, from providers, employees, visitors and patients, from a variety of devices, increased federal enforcements of privacy and security requirements under the new HIPAA Omnibus Rule, there is an ongoing challenge of ensuring patient and customer information is adequately protected.

Numerous breaches within both the healthcare and financial fields have involved lost or stolen unencrypted devices, but mistakes by employees continue to be the biggest security threats to all businesses. Even tech-based companies are shown to be at risk for various social engineering attempts.

Why do these breaches keep happening? How can you, as an IT professional, or merely an employee with the safety of your customers’ data a concern, help your business create useful prevention strategies that employees will pay attention to? How do you train your non-tech employees to not be susceptible to social engineering attacks?

Emily, an insurance professional with ten years' experience working for 3 of the 5 biggest US disability insurance companies, and Casey, a Security Engineer with a history of working for commercial financial firms, will explore the unawareness non-tech employees have of their actions, and discuss useful training and resource organization and allocation. We will walk through a few scenarios (the successful and non) and discuss what we have learned from human behavior and how it can apply to enforcing security policies or creating a culture of care.

Technical solutions will not be discussed specifically, as the focus will be on employee awareness, education and how we can do better.

By working through a few scenarios that we have personally encountered, we will address the topics of

- “Why To Care” – Problems with people caring about security
- Testing your people
- Getting the peons out of the loop
- Rewarding Security Efforts

Speakers

Casey Dunham

Casey Dunham is currently a Security Engineer with Bigelow Laboratories in Booth Harbor, ME. He also runs his own security consultancy, Gnosis Security, Inc. His InfoSec history includes working for commercial financial firms and volunteering at numerous regional and national InfoSec Cons; he is the point of contact for DC207 and a member of PWM TOOOL.

Emily Pience

Emily Pience is currently a Clinical Innovation Specialist with [redacted name of major American health and medical insurance company]. She has never worked in InfoSec but was raised by an Electrical Engineer in the cable industry, and believes herself to be a bastard of the engineering / InfoSec / modern Technology fields. She has worked for 3 of the 5 top disability insurance companies in the US and is working on her MS in Social Work. She is a...


Wednesday August 6, 2014 15:45 - 16:15
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:50

Password Topology Histogram Wear-Leveling, a.k.a. PathWell
Speakers

Wednesday August 6, 2014 15:50 - 16:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:50

Enhancing Password Based Key Derivation Techniques

Wednesday August 6, 2014 15:50 - 16:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

The Savage Curtain
Mobile, the Final Frontier. These are the voyages of two researchers. Their 45 minute mission: to explore strange new apps, seek out new mobile SSL bugs and new SSL implementation flaws, to boldly go where no man has gone before. We'll trek across the mobile landscape showing numerous mobile failures, related to encryption.

Speakers

Tushar Dalvi

Senior Information Security Engineer, Vulnerability Research & Assessment, LinkedIn
Tushar loves breaking web applications and ceramic bowls. Tushar Dalvi is a security enthusiast, a pool hustler and currently works as a Senior Information Security Engineer at LinkedIn. He specializes in the area of application security, with a strong focus on vulnerability research and assessment of mobile applications. Previously, Tushar has worked as a security consultant at Foundstone Professional Services (McAfee) and as a Senior...

Tony Trummer

Sr. Security Engineer, LinkedIn
Tony has been working in the IT industry for nearly 20 years and has been focused on application security for the last 5 years. He is currently a penetration tester for LinkedIn, running point on their mobile security initiatives. Prior to LinkedIn, he has worked for Warner Bros Advanced Digital Services, IBM and AT&T, among others and served 6 years in the U.S. Army Signal Corps. When he's not hacking, he enjoys thinking about astrophysics...


Wednesday August 6, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

Booze, Devil's Advocate, and Hugs: the Best Debates Panel You'll See at BSidesLV 2014
Our four intrepid debaters will tackle the most pressing issues facing the security community today, as suggested by you, our insightful audience. See them use their amazing powers of speech, logic, and insinuation to best each other. You vote for the most convincing argument, and the loser drinks. This is a funny and thought-provoking session, driven by audience participation, alcohol, and hugs.

Moderators

David Mortman

Chief Security Architect and Distinguished Engineer, Dell
David Mortman is the Chief Security Architect and a Distinguished Engineer at Dell Software and has been doing Information Security for 20+ years. Additionally he is a Contributing Analyst at Securosis and on the Global Board of Directors for BSides. Most recently, he was the Director of Security and Operations at C3. Previously, David was the CISO at Siebel Systems and the Manager of Global Security at Network Associates. David speaks regularly...

Speakers

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing...

David Kennedy

TrustedSec & Binary Defense Systems
Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), and...

Zach Lanier

Zach Lanier is a Senior Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook."

Jay Radcliffe

Security Researcher, Rapid7
Jay Radcliffe has been working in the computer security field for over twelve years, and is currently a Senior Security Researcher and consultant at Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented ground breaking research on security vulnerabilities in medical devices at Black Hat and Defcon. As he is a type I diabetic, Jay has...


Wednesday August 6, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00

Ask the EFF
Once again, the Electronic Frontier Foundation returns to the Underground to answer your toughest Off-the-Record queries. Question some of the greatest minds in the field of internet law, in this annual BSidesLV tradition. (Note: if you need legal advice about your own situation, please contact EFF separately so you can have a confidential conversation.)

Moderators

Kurt Opsahl

Deputy ED and General Counsel, Electronic Frontier Foundation
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation...

Speakers

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
NATE CARDOZO is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information...

Eva Galperin

Eva Galperin is EFF's Global Policy Analyst, and has been instrumental in highlighting government malware designed to spy upon activists around the world. A lifelong geek, Eva misspent her youth working as a Systems Administrator all over Silicon Valley. Since then, she has seen the error of her ways and earned degrees in Political Science and International Relations from SFSU. She comes to EFF from the US-China Policy Institute, where she...

Mark Jaycox

Mark Jaycox is a Legislative Analyst for EFF. His issues include user privacy, civil liberties, surveillance law, and "cybersecurity." When not reading legal or legislative documents, Mark can be found reading non-legal and legislative documents, exploring the Bay Area, and riding his bike. He was educated at Reed College, spent a year abroad at the University of Oxford (Wadham College), and concentrated in Political History. The intersection...

Yan Zhu

Yan Zhu is a Staff Technologist with EFF. Yan writes code and words to enable pervasive encryption and protect Internet users' privacy. Besides maintaining HTTPS Everywhere at EFF, she is a core developer of SecureDrop and founder of the Worldwide Aaron Swartz Memorial Hackathon Series. In her spare time, Yan writes about the intersection of computer security and humans and tries to find interesting ways to break web applications. She holds a B.S...


Wednesday August 6, 2014 16:00 - 17:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:20

Teach a man to Phish...
When the world ends, the only things that will be left on earth will be cockroaches, Twinkies, Keith Richards, and Phishing emails. With easy access to free and low cost cloud services, the Phisher’s job is easier than ever. This session will shed light on the number, variety, and complexity of Phishing emails in an effort to explain why they have not disappeared and why things will get far worse before they get better.

Data from OpenDNS’ PhishTank will be collected, analyzed, and presented to reinforce just how serious the Phishing problem is and how you can help Vinny punch a Phisher in the face by joining the growing community.

Speakers

Vinny Lariza

As the OpenDNS Community Moderator, Vinny LaRiza does a lot more than swing the banhammer. In addition to patrolling the groups, he serves as support for people experiencing website blocks due to malicious activity, and helps the research team identify malware false positives. Vinny also serves as liaison between OpenDNS and the public. Part of his work consists of checking in on the communities in terms of activity, and making sure...


Wednesday August 6, 2014 16:20 - 16:50
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:55

The Lore shows the Way
Mistakes have been made, and mistakes will be made again. Those unfamiliar with the history of the situation may end up going through the same thought processes and making the same mistakes as the previous generations.

This presents both problems and opportunities for security; it means that project managers and developers will need to keep a close eye on the development process to avoid making these known mistakes, and it also means that penetration testers and other red-team members have (provided they research the development history of their target) a list of potential avenues for exploit.

Through being aware of the historical avenues of attack and the bugs exploited in the past,

Speakers

Eric Rand

Systems Mangler, Brown Hat Security
An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP command, Eric is either forging coathooks or stitching together various systems that were never designed to work together. He lives in the mountains of southern California...


Wednesday August 6, 2014 16:55 - 17:25
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

Beam Me Up Scotty! – Passwords in the Enterprise
Speakers

Wednesday August 6, 2014 17:00 - 17:45
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

We Hacked the Gibson! Now what?
IBM has been touting the security of the mainframe for over 30 years. So much so, that the cult of mainframers believes that the platform is impenetrable. Just try showing how your new attack vector works and you'll be met with 101 reasons why it wouldn't work (until you prove them wrong of course). This talk will take direct aim at the cultist! Previous talks about mainframe security only got you to the front door. Leaving many asking 'great, I got a userid/password, now what?!'. That's what this talk is about: the ‘Now what’. You'll learn a few new techniques to penetrate the mainframe (without a userid/password) and then a bunch of attacks, tricks and mischief you can do to further maintain that access, find important files and really go after the mainframe. During this very Demo Heavy talk you'll learn how to take advantage of APF files, SSL key management, cgi-bin in TYooL 2014, what NJE is and why it's bad, why REXX and SETUID are dangerous and how simple backdoors still work (and will likely go undetected).

Speakers

Soldier of Fortran

Supreme Commander, Zed Security
Soldier of Fortran is a mainframe hacker. Being a hacker from way back in the day (BBS and X.25 networks) he was always enamored by the idea of hacking mainframes. Always too expensive and mysterious he settled on hacking windows and linux machines, until 2010 when he finally got his very own. Not worrying about system uptime he dove in head first and was surprised by what he found. He’s spoken both domestically (DEFCON, BlackHat) and...


Wednesday August 6, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

Pwning the Pawns with WiHawk
***THIS TALK IS VIA VIDEO CONFERENCE. THE US CONSULATE IN CHENNAI COULDN'T PROCESS THEIR VISAS IN TIME FOR THE EVENT.***

The elements that play a major role in today’s network architecture are the router, gateway, switch, hub, access point, etc. In a typical network, a wireless or wired router is the key element responsible for connecting the LAN to the internet. A router can be connected to two or more data lines from different networks and plays the important role of forwarding data packets within computer networks. Security measures at each and every component in the network are imperative, and there has been significant development in the last decade to make networks even more secure. While powerful security rules have been applied at different components of the network, the router is one sensitive and essential element that is still poorly configured by companies. Routers can be compromised by attackers to gain unauthorized access to the private network, which can lead to malicious activities like the following:


1. An attacker could configure the router to use a malicious DNS (Domain Name System) server, which can then lead to redirection of users to malicious websites.
2. An attacker can set up port forwarding rules to expose internal network services to the Internet.

Vulnerabilities in the management interfaces of wireless routers, vulnerabilities in protocols, inconsistencies in router software and weak authentication can expose the device to remote attacks and thus can be compromised by attackers. These issues had been raised by researchers in late 2012 but even if companies provide patches to upgrade management interface and inconsistencies in router software, these vulnerabilities are unlikely to go away soon because many users never update their routers and other embedded systems.

Due to the above-mentioned vulnerabilities, several types of attacks on routers have been identified:

- DDoS Attack
- CSRF
- Brute Force
- Buffer Overflow
- Authentication Bypass
- ROM-0 Attack

In a wireless network there are thousands of Wi-Fi routers which are configured with default user names and passwords, which makes them vulnerable to security breaches.

All we can do to find the above-mentioned vulnerabilities is to scan the router manually. For a non-technical person, however, it is hard to find out whether a router is vulnerable or not; this is a major reason millions of routers are left open to vulnerabilities, and on top of that vendors don't provide patches for found vulnerabilities at the same time.
Finding these vulnerabilities and making sure that the router in use is not vulnerable to any of them is not easy, and so far we didn’t have any tool that warns you, before you become the victim of an attack, that your router is vulnerable to any of the above-mentioned attacks.

WiHawk is an open source tool for auditing IP addresses to sniff out Wireless routers which are configured with default admin passwords and find out the routers which are vulnerable to Bypass Authentication, Cross Site Request Forgery, Buffer Overflow and FTP Authentication Bypass.
The tool can be used to identify following types of security vulnerabilities in provided IPs:

a) Authentication Bypass
b) Routers configured with default username/passwords
c) Buffer Overflow
d) Cross Site Request Forgery
e) ROM-0 attack
f) FTP authentication Bypass

Speakers

Santhosh Kumar

Security Researcher, Near Security
Santhosh is a security researcher from India who has been with the security community since the age of 12. Santhosh is also a founder of a non-profit project, "Near Security", which mainly focuses on providing free and open infosec education around the globe. Santhosh has reported security vulnerabilities to many companies such as Intel, IBM, Yahoo, Microsoft, Cisco, etc. Santhosh enjoys learning new things in the age of Digital Security and...


Wednesday August 6, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00

The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State
Over a decade ago, a friend at the National Security Agency told Richard Thieme that he could address the core issues they discussed in a context of "ethical considerations for intelligence and security professionals" only if he wrote fiction. "It's the only way you can tell the truth," he said.

Three dozen published short stories and one novel-in-progress (FOAM) later, one result is "Mind Games," published in 2010 by Duncan Long Publishing, a collection of stories that illuminates “non-consensual realities:” the world of hackers; the worlds of intelligence professionals; encounters with other intelligent life forms; and deeper states of consciousness.

A recent scholarly study of “The Covert Sphere” by Timothy Melley documents the way the growth and influence of the intelligence community since World War 2 has created precisely the reality to which that NSA veteran pointed. The source of much of what “outsiders” believe is communicated through novels, movies, and television programs. But even IC “insiders” rely on those sources, as compartmentalization prevents the big picture from coming together because few inside have a “need to know.”

Thieme asked a historian at the NSA what historical events they could discuss with a reasonable expectation that their words denoted the same details. “Anything up to 1945,” the historian said with a laugh – but he wasn’t kidding.

Point taken.

This fascinating presentation illuminates the mobius strip on which all of us walk as we make our way through the labyrinth of security and intelligence worlds we inhabit of necessity, all of us some of the time and some of us all of the time. It discloses why “post-modernism” is not an affectation but a necessary condition of modern life. It addresses the response of an intelligence analyst at NSA who responded to one of Thieme’s stories by saying, “most of this isn’t fiction, but you have to know which part to have the key to the code.” This talk does not provide that key, but it does provide the key to the key and throws into relief everything else you hear – whether from the platform or in the hallways – inside this conference. And out there in the “real world.”

“Nothing is what it seems

Speakers

Richard Thieme

Richard Thieme is an author and professional speaker focused on the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change and identity shift. His column, "Islands in the Clickstream," was distributed to subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA said as they worked together on ethics and intelligence...


Wednesday August 6, 2014 17:00 - 18:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:00

Closing Keynote
Speakers

Wednesday August 6, 2014 18:00 - 18:45
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV