BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Common Ground [clear filter]
Tuesday, August 5

11:00 PDT

SHA-1 backdooring and exploitation
We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions, such that we fully control the content of the colliding files: unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they use sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.

avatar for Jean-Philippe Aumasson

Jean-Philippe Aumasson

Principal Research Engineer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black... Read More →

Tuesday August 5, 2014 11:00 - 11:30 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:45 PDT

Evading code emulation: Writing ridiculously obvious malware that bypasses AV
Code emulation, a technology capable of detecting malware for which no signature exists. It’s a powerful step in the right direction for client security, but it’s a long way from mature. This talk will demonstrate how the code emulation engine in Anti-Virus Guard (AVG) can be reverse engineered by progressively testing its features, and ultimately evading detection. The result is a Command-and-Control (C&C) bot, in a non-obfuscated windows shell script, that AVG and many other leading AV engines will not detect. I will propose solutions on how these code emulation environments can be improved, making the detection of zero day malware far more successful going forward. This is not a jab against AVG, as they get enormous credit for including such a powerful tool in a free antivirus client.


Kyle Adams

Chief Software Architect for Junos WebApp Secure, Juniper Networks
Kyle Adams has been involved with security since a very early age. Self-taught, he learned the basics of hacking and security defense strategies long before entering the professional world. Early on, much of his professional focus was on web security threats like SQLi, XSS, CSRF... Read More →

Tuesday August 5, 2014 11:45 - 13:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00 PDT

Security Management Without the Suck
This talk will discuss real world techniques for implementing and optimizing a security program that we call RADIO(Recon, Analyze, Develop, Implement, Optimize). Conventional wisdom has historically presented guidance that works well in textbook scenarios or for very large companies but often does not integrate well with small to medium size companies. Our Five Step approach aims to provide more reasonable guidance for small to medium size companies or those organizations with operational models that might not lend themselves well to traditional methods.

avatar for Tim Krabec

Tim Krabec

Senior Information Security Analyst, [Redacted]
Just Father with an Infosec problem.

Tony Turner

Tony Turner Bio: Tony has over 10 years of working experience in the information security field, specializing in Web Application Firewalls and Web Application Architecture. Tony has a wide range of experiences including Penetration Testing, Incident Response, Security Architecture... Read More →

Tuesday August 5, 2014 14:00 - 15:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00 PDT

Vulnerability Assessments on SCADA: How i 'owned' the Power Grid.
Critical Infrastructure security has been on the news and the talk of the town since 2005. While there are many talks and demonstrations about how to penetrate and exploit SCADA systems, little discussions about the pre-exploitation phase were shared and discussed. I'm talking of course about the Vulnerability Assessment phase. Some may have performed such assessment before and many are curious as to how to start it in the first place. Questions like, what are the methodologies used in performing an assessment on SCADA networks? What information is required before we click the 'Start Scan Now' button? What plugins should be used? And do my scans guarantee that these ultra sensitive systems will not go down? And which approach (automatic or manual) should be used in which situation. This talk is to share my personal experience and challenges faced during a SCADA assessment. I will also give an overview of a typical SCADA environment, the tools used for the assessment, the type of vulnerabilities found and how easy it is for an attacker to potentially 'own' the Power Grid and why the US is vulnerable.


Fadli B. Sidek

Security Consultant, BT Global Services
A security consultant by day and a bookworm by night, Fadli works at BT as a penetration tester and has a huge passion in security. He graduated from Murdoch University, Australia with a Double Majors Degree in Cyber Forensics, Information Security Management. He has over 8 years... Read More →

Tuesday August 5, 2014 15:00 - 16:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00 PDT

Malware Analysis 101 - N00b to Ninja in 60 Minutes
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the big boys. This presentation covers several analysis environments and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

avatar for grecs


Founder, NovaInfosec.com
grecs has over 17 years experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club... Read More →

Tuesday August 5, 2014 16:00 - 17:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00 PDT

Travel Hacking With The Telecom Informer
People who know that I have visited all seven continents tell me all the time, “I could never travel as much as you do.” Granted, North Korea, Antarctica and Myanmar are not for everyone, but if you’re living in the developed world, travel is very much within your reach. All you need is flexibility and your hacker ingenuity. In this talk, you’ll learn why you should travel, and how you can do it for little or nothing by applying hacker ingenuity and using travel hacks.

avatar for TProphet


Telecom Informer, 2600: The Hacker Quarterly
Legend of lounge and creator of chill TProphet has played for audiences all over the world. As co-founder of Queercon and Photosynthesis Festival and member of the Immersion System and GoaProductions DJ collectives, TProphet has bridged music and hacker culture for over a decade... Read More →

Tuesday August 5, 2014 17:00 - 18:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV
Wednesday, August 6

10:00 PDT

The untold story about ATM Malware
Everyone talks about ATM Malware, we can see videos in Internet hacking these machines but no one explains HOW an attacker can take control of an ATM and command it to dispense the money at will.

Is it possible to control an ATM from a cell phone? What about a Man-in-the-middle attack to intercept the traffic between the ATM and the bank?

Come to my talk and learn these and many other techniques used from Venezuela to Russia Hackers that are emptying ATMs without restrictions.


Daniel Regalado

Sr. Malware Staff Researcher, Hack Defender
Daniel Regalado aka DanuX es un chavoruco chiapaneco con mas de 16 años chambeando y con alrededor de 12 concentrados en temas de seguridad, fue pentester en Mexico (al menos eso le hizo creer a las empresas donde trabajo) y en el 2008 emigro a los United States donde ha trabajado... Read More →

Wednesday August 6, 2014 10:00 - 11:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00 PDT

Using Superpowers for Hardware Reverse Engineering
Superpowers, normally used by superheroes in the battle of good versus evil, are also accessible to engineers and hackers in equipment used for failure analysis and verification of PCB fabrication and component assembly processes. In this mostly visual presentation, Joe shares his experiences of using lasers, X-rays, and sound waves to facilitate the reverse engineering of electronic products and circuit boards.


Joe Grand

Hardware hacker, engineer, runner, daddy.

Wednesday August 6, 2014 11:00 - 12:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00 PDT

Why am I surrounded by friggin' idiots?!? (Because you hired them!)
Let’s face it… Many people have better luck at the craps table that they do hiring the right candidate for their INFOSEC opening. Making matters worse, most of us have come from a purely technical background and don’t know the faintest thing about building our own team. There can be nothing more disheartening than finding out that you've hired the wrong guy, or worse yet, let the *right* one walk away. In this presentation we will discuss strategies for making sure the best new employee makes it in the door. This includes everything from recruiting, prescreening, reviewing resumes, conducting good interviews, and asking tough interview questions. This talk is aimed towards both managers who are tasked with hiring and interviewees who want make sure they are at the top of their game.

avatar for Stephen Heath

Stephen Heath

Director of Security Services, Intrinium
Stephen Heath is an INFOSEC/pentester guy who has over a decade of experience in the security industry. He currently serves as Director of Security Services at Intrinium in the Pacific Northwest. He is a theatre fan, lefty wonk, NW sports fanatic, hip hop historian, cinephile, world... Read More →

Wednesday August 6, 2014 12:00 - 13:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00 PDT

Demystiphying and Fingerprinting the 802.15.4/ZigBee PHY
Producing IEEE 802.15.4 PHY-frames reliably accepted by some digital radio receivers, but rejected by others---depending on the receiver chip's make and model---has strong implications for wireless security. Attackers could target specific receivers by crafting "shaped charges," attack frames that appear valid to the intended target and are ignored by all other recipients. By transmitting in the unique, slightly non-compliant "dialect" of the intended receivers, attackers would be able to create entire communication streams invisible to others, including wireless intrusion detection and prevention systems (WIDS/WIPS).

These scenarios are no longer theoretic. We present methods of producing such IEEE 802.15.4 frames with commodity digital radio chips widely used in building inexpensive 802.15.4-conformant devices. Typically, PHY-layer fingerprinting requires software-defined radios that cost orders of magnitude more than the chips they fingerprint; however, our methods do not require a software-defined radio and use the same inexpensive chips.

Knowledge of such differences, and the ability to fingerprint them is crucial for defenders. We investigate new methods of fingerprinting IEEE 802.15.4 devices by exploring techniques to differentiate between multiple 802.15.4-conformant radio-hardware manufacturers and firmware distributions. Further, we point out the implications of these results for WIDS, both with respect to WIDS evasion techniques and countering such evasion.

This is joint work with Travis Goodspeed, Rebecca Shapiro, and other good neighbors.


Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D... Read More →

Ira Ray Jenkins

Ira Ray Jenkins is a Ph.D. student at Dartmouth College. He aspires to make micro-controllers do things they don't expect. Sergey Bratus is a Research Associate Professor at Dartmouth College. He enjoys sending his students on quests to find "weird machines" in the jungles of New... Read More →

Wednesday August 6, 2014 14:00 - 15:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00 PDT

Insider Threat Kill Chain: Human Indicators of Compromise
Your organization’s greatest assets are also its greatest threat: People. Your greatest risk are those you trust.

The intentions of these insiders can be sabotage, fraud, intellectual property theft or espionage. However, in many cases, patterns of detectable behavior and network activity emerge that provide indicators of risk, assist in early detection and in speeding up response time of an actual incident.

avatar for Ken Westin

Ken Westin

Staff Security Specialist, Splunk
Ken is a creative technologist with 16 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented... Read More →

Wednesday August 6, 2014 15:00 - 15:30 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:30 PDT

A Place to Hang Our Hats: Security Community and Culture
Contrary to popular belief and media depictions, hacking is a social endeavor. By examining the evolution of various hacking groups and collectives over the years, we can glean valuable insight into the structure of today’s hacking space and security culture. From white hat companies to prison, we look at how innovation in exploits and anonymity have reformed and regrouped the hacking clubs of yore.


Domenic Rizzolo

Domenic Rizzolo is a Security Research Intern in the Duo Labs division of Duo Security, studying Math and Complex Systems at the University of Michigan. He’s very interested in what exploring security and hacking culture from an historical context can tell us about modern security... Read More →

Wednesday August 6, 2014 15:30 - 16:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00 PDT

Booze, Devil's Advocate, and Hugs: the Best Debates Panel You'll See at BSidesLV 2014
Our four intrepid debaters will tackle the most pressing issues facing the security community today, as suggested by you, our insightful audience. See them use their amazing powers of speech, logic, and insinuation to best each other. You vote for the most convincing argument, and the loser drinks.  This is a funny and thought-provoking session, driven by audience participation, alcohol, and hugs.    



SVP, Cloud Security Architect, Bank of America
On a Pale Horse.

avatar for Josh Corman

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The... Read More →
avatar for David Kennedy

David Kennedy

TrustedSec & Binary Defense Systems
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold... Read More →

Zach Lanier

Zach Lanier is a Senior Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences... Read More →
avatar for Jay Radcliffe

Jay Radcliffe

Security Researcher, Rapid7
Jay Radcliffe has been working in the computer security field for over twelve years, and is currently a Senior Security Researcher and consultant at Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade... Read More →

Wednesday August 6, 2014 16:00 - 17:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00 PDT

Pwning the Pawns with WiHawk

The elements that play a major role in today’s network architecture are router, gateway, switch, hub, access point etc. In a typical network, wireless or wired router is the key element responsible for connecting the LAN to the internet. A router can be connected to two or more data lines from different network which play the important role of forwarding data packets within computer networks. Security measures at each and every component in network are imperative and there has been significant development in last decade to make networks even more secure. While powerful security rules have been implied at different components of network, router has been one such sensitive and essential element in network which is still poorly configured by companies. They can be compromised by attackers to gain unauthorized access to the private network and can lead to malicious activities like following:

1. An attacker could configure the router to use a malicious DNS (Domain Name System) server, which can then lead to redirection of users to malicious websites.
2. An attacker can set up port forwarding rules to expose internal network services to the Internet.

Vulnerabilities in the management interfaces of wireless routers, vulnerabilities in protocols, inconsistencies in router software and weak authentication can expose the device to remote attacks and thus can be compromised by attackers. These issues had been raised by researchers in late 2012 but even if companies provide patches to upgrade management interface and inconsistencies in router software, these vulnerabilities are unlikely to go away soon because many users never update their routers and other embedded systems.

Due to above said vulnerabilities there are different types of attacks possible on routers which have been identified:
DDos Attack
Brute Force
Buffer Overflow
Authentication BYpass
ROM-0 Attack
. In a wireless network there are thousands of Wi-Fi routers which are configured with default user name and passwords, which make them vulnerable to security breaches.

All we can do to find above mentioned vulnerability, scan your router manually and find if your router has any vulnerability mentioned above, But for a non-technical person it’s hard to find out if router is vulnerable or not, this is major reason millions of routers are left open to vulnerabilities and on top of it Vendors doesn’t provide patches for found vulnerability at same time.
Now finding these vulnerabilities and making sure that the router in use is not vulnerable to any of the mentioned vulnerabilities is not easy and so far we didn’t have any tool which will prompt you before being victim of attack that your router is vulnerable to any of the above mentioned attack.

WiHawk is an open source tool for auditing IP addresses to sniff out Wireless routers which are configured with default admin passwords and find out the routers which are vulnerable to Bypass Authentication, Cross Site Request Forgery, Buffer Overflow and FTP Authentication Bypass.
The tool can be used to identify following types of security vulnerabilities in provided IPs:

a) Authentication Bypass
b) Routers configured with default username/passwords
c) Buffer Overflow
d) Cross Site Request Forgery
e) ROM-0 attack
f) FTP authentication Bypass


Santhosh Kumar

Security Researcher, Near Security
Santhosh is Security Researcher from India who has been with the security Community since the AGE of 12. Santhosh is also a Founder of a Non Profit Project "Near Security" which mainly focuses on Providing Free and Open Infosec Education Around the Globe. Santhosh has Reported Security... Read More →

Wednesday August 6, 2014 17:00 - 18:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV