BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 

Ground Truth
Tuesday, August 5

11:00 PDT

The Power Law of Information
Power laws occur widely and irrefutably in economics, physics, biology, and international relations. The root causes of power laws are hard to determine, but a good theory is that proportional random growth causes the phenomenon. This talk will attempt to prove a power law for breach size and breach occurrence volume, using data from over 30,000 businesses. The goal is to show that no matter the set of breaches one picks, the most impactful breach will have more impact than all the others combined. Information security breaches are scale-invariant and distributed according to a power law.

Michael Roytman

Senior Data Scientist, Kenna Security
Michael Roytman is Risk I/O’s Data Scientist, responsible for building out Risk I/O’s predictive analytics functionality. He has written about vulnerability management with Dan Geer of In-Q-Tel, and has previously spoken at RSA, SOURCE, various BSides and SIRAcon. He formerly...

Tuesday August 5, 2014 11:00 - 11:40 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:50 PDT

Measuring the IQ of your Threat Intelligence feeds
Threat Intelligence feeds are now being touted as the saving grace for SIEM and log management deployments, and as a way to supercharge incident detection and even response practices. We have heard similar promises before as an industry, so it is only fair to try to investigate. Since the actual number of breaches and attacks worldwide is unknown, it is impossible to measure how good threat intelligence feeds really are, right? Enter a new scientific breakthrough developed over the last 300 years: statistics!


Kyle Maxwell

Kyle Maxwell is a private-sector threat intelligence analyst and malware researcher working with incident response and security operations. He is a GPL zealot, believes in UNIX uber alles, and supports his local CryptoParty. Kyle holds a degree in Mathematics from the University of...

Alex Pinto

Security Data Scientist, Niddel (Verizon)
Alex Pinto is a Security Data Scientist at Niddel (now a Verizon company) and the lead of MLSec Project. He has been working on threat hunting automation with machine learning and data science techniques for the last 5 years and has been working in Information Security for 20 years...

Tuesday August 5, 2014 11:50 - 12:40 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00 PDT

Strategies Without Frontiers
Predicting your adversary's behaviour is the holy grail of threat modeling. This talk will explore the problem of adversarial reasoning under uncertainty through the lens of game theory, the study of strategic decision-making among cooperating or conflicting agents. Starting with a thorough grounding in classical two-player games such as the Prisoner's Dilemma and the Stag Hunt, we will also consider the curious patterns that emerge in iterated, round-robin, and societal iterated games.

But as a tool for the real world, game theory seems to put the cart before the horse: how can you choose the proper strategy if you don't necessarily even know what game you're playing? For this, we turn to the relatively young field of probabilistic programming, which enables us to make powerful predictions about adversaries' strategies and behaviour based on observed data.

This talk is intended for a general audience; if you can compare two numbers and know which one is bigger than the other, you have all the mathematical foundations you need.

Meredith L. Patterson

By day a mild-mannered build engineer, by night the leader of the Langsec Conspiracy (http://www.langsec.org), Meredith L. Patterson lives in Brussels, Belgium. She wrote and maintains the Hammer parser generator library (https://github.com/UpstandingHackers/hammer), and is currently...

Tuesday August 5, 2014 14:00 - 15:20 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:30 PDT

ClusterF*ck - Actionable Intelligence from Machine Learning
Everybody is aware of the buzzword BINGO winning square of "Machine Learning", but how can we apply this to a real problem? More importantly, what output can we derive from doing some analysis? This talk will cover clustering (unlabeled data) of file types based off various static features. Then, using information from the clusters, is it possible to automatically generate Yara signatures to go hunting for files that are similar? We believe so, and we'll show you how you can do this at home.


David Dorsey

David has been in the security field for over 10 years now. He enjoys static file analysis and tearing apart shellcode. He's starting to add various data analysis techniques to his toolbox, where before he would rely only on hex editors, debuggers, and disassemblers.

Mike Sconzo

Mike enjoys attempting to solve/solving interesting security problems with data analysis. He's spent most of his career on the defensive side, and is constantly looking for new ways to detect suspicious and malicious behavior. His background is heavy in network analysis and most of...

Tuesday August 5, 2014 15:30 - 16:10 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:20 PDT

Know thy operator
In real-world systems, operators are often inundated with alarms which alert when various anomalous events are detected. A software tool was developed that makes use of machine learning methods to give operators the ability to prioritize events of high interest. This tool relies heavily on the quality and validity of the data used for training.


Misty Blowers

Dr Misty Blowers works for the US Air Force Research Laboratory in Rome, NY, in the cyber operations branch. She is also a Professor of Data Mining at Syracuse University.

Tuesday August 5, 2014 16:20 - 17:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:10 PDT

Improving security by avoiding traffic and still get what you want in data transfers
Critical infrastructure systems are frequently constructed with components never designed for use in today's networked environment. While security conscious enterprises have extensive security mechanisms, these do not immediately transfer to many of our critical infrastructure networks. And yet we still need to move data in and out of them safely. This talk examines how to use the computer science concept of state to provide the equivalent of system isolation from hostile traffic on the network. Forget firewalls, air-gaps, and VPNs, and learn to embrace state transfers. This talk will explore the use of state transfer as a safer alternative to network data transfers. As more and more of our critical infrastructure is using TCP/IP networking and being connected via the Internet, methods to isolate the systems from a traffic signal point of view offer the best current technology to protect our networks, both operational technology (OT) and IT. This talk will give real world examples showing how to maintain all desired functionality, and yet sever the connection to unwanted signals carried in network traffic.

Art Conklin

Associate Professor, University of Houston
Wm. Arthur Conklin is an Associate Professor and Director of the Center for Information Security Research and Education in the College of Technology at the University of Houston. He holds two terminal degrees, a Ph.D. in Business Administration (specializing in Information Security...

Tuesday August 5, 2014 17:10 - 17:50 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

18:00 PDT

The Semantic Age - or - A Young Ontologist's Primer
As Big Data and Machine-Learning start to make strides into Infosec, most of the rest of us are still working in SQL databases, CSV files and gluing things together with Python and JavaScript - while the folks with the Math degrees seem to be having all the fun with the data. Well, no more. We're information security practitioners: data is nice, but information is better - but how can we go from wikis, notes and whitepapers to processing the information we generate and doing something fun with that? Semantic Data systems open up machine learning and reasoning to the rest of us, with plain-language operations and natural language storage of information, not data. The Semantic Web has been around since the early days of the web, but is still misunderstood, and difficult to get into - so I've done all the hard work for you already - come and learn some practical tools, technologies and techniques for encoding the 'things we know' on top of the 'things we have' and show the world that you don't need a PhD in Applied Mathematics to come take part in the emerging world of information-driven information security.

Tuesday August 5, 2014 18:00 - 18:40 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV