BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Underground [clear filter]
Tuesday, August 5

11:00 PDT

Skull And Bones (And Warez) - Secret Societies of the Computer Underground (and why you should create one too)
Long ago, during the “Great Age of l33t”, the digital oceans were traversed by notorious bands of pseudonymous ne’er-do-wells. These outlaw fleets, festooned with brightly-colored flags, laden with teenage pomposity and self-importance, roving their way into undiscovered territories . They took whatever they needed, but created many lasting works too.
We will take you on a journey back in time, to experience what life was like during this pioneer era, with tall tales of life on the fringe, epic yarns of solidarity amongst outcasts,  and discuss how forming your own “Digital Outlaw Biker Club” may be a better idea than it ever was.

avatar for Databeast


Dictator for Life, Mercenary Logic
Databeast discovered the underground by way of the computer demoscene in the late 80's . He founded the award-winning demoscene group "Nerve Axis" and was a member of many more lesser-known underground groups (the names of which have thankfully been lost to history). By day he works... Read More →

Space Rogue

Strategist, Tenable
Space Rogue and his colleagues created the first security research think tank known as L0pht Heavy Industries and was a co-founder of the Internet security consultancy @Stake. While at L0pht Heavy Industries Space Rogue created the widely popular Hacker News Network, which quickly... Read More →

Tuesday August 5, 2014 11:00 - 12:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00 PDT

Custodiet watches your packets! The Open Source MSSP Framework
Our friends lose their jobs. McJobs don't cut it, and unemployment sucks. We decided to make a framework that would allow them to start their own businesses, and to keep their technical skills sharp.

We made an open source MSSP framework. Download it, install it, you're in business. Firewalls, IDS, threat feeds, the work. Hell, we even threw in a ticketing system and marketing fliers.

And we want your help. Make it better. Use it. Tweet about it. MAKE MONEY WITH IT!!!

Tuesday August 5, 2014 12:00 - 13:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00 PDT

Master Serial Killer
Project Robus is a search for vulnerabilities in ICS/SCADA protocol stack implementations. Most research and commercial tools to date have focused on the PLC/RTU/controller (server). Project Robus tests both the RTU server and the master (client) sides of DNP3 and Modbus protocol stack implementations. Attacking the DNP3 master in the control center can eliminate the ability to monitor and control an entire SCADA system, such as an entire electric transmission or distribution system … all from accessing a serial or IP connection in one unmanned substation.


Chris Sistrunk

Sr. Consultant, Mandiant
Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for Transmission... Read More →

Tuesday August 5, 2014 14:00 - 15:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00 PDT

501(c)(3) for (un)fun and (non)profit
So you want to be a non-profit charitable corporation, eh? Do you understand what that means, the amount of work involved, and the restrictions 501(c)(3) places on your fundraising? In this talk, I will review the process Security BSides Las Vegas, Inc. went through to become a 501(c)(3), and discuss the restrictions imposed by being an IRS-recognized charitable organization. I'll also discuss a few options to 501(c)(3), as well as the advantages to federal non-profit status. Participants in this talk will have a better idea of the pros and cons of 501(c)(3) status, and the challenges involved in becoming a 501(c)(3).

avatar for Jack Daniel

Jack Daniel

Co-Founder, Security BSides
Security BSides, the history of infosec, the meaning of life.

Tuesday August 5, 2014 15:00 - 16:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00 PDT

Protecting Data – How Cultural-Political Heritage Shapes Security Approaches
In Europe, security systems are built with the end goal to safe-keep the privacy of sensitive data. In the U.S, security systems are architected with the goal of securing sensitive infrastructures. Recent revelations about the NSA snooping and international backlash demonstrate the dramatic international differences in privacy vs. security values. Those differences also play out in how security systems are architected. Beginning with “what is the data being protected?” vs. “how do we keep the bad guys out?” will lead to two very different security solutions.


Malte Pollmann

CEO, Utimaco
CEO of Utimaco, a leader in high-end hardware-based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets.

Tuesday August 5, 2014 16:00 - 17:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00 PDT

FAP Fully Automated Pwning Techniques for Automated Reversing
Techniques to fully automate finding certain vulnerabilities while reversing have become much easier due to research using XUtools (extended grep and diff). This talk will explore these newly discovered automated techniques for reversing. Join us while we help to demystify certain aspects of reversing while pissing off prima donna reversers. What more can you ask for in an underground talk?


Edmond 'bigezy' Rogers

bigezy Actively involved as an industry participant in many research activities in UIUC's ITI’s TCIPG Center, including work on NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Prior to joining ITI, Bigezy was a security analyst a Fortune 500 investor-owned... Read More →

Tuesday August 5, 2014 17:00 - 18:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV
Wednesday, August 6

10:00 PDT

Business lessons that made me a better Security Professional
Case study of a three year journey of starting and managing a security non-profit.  Will talk about lessons learned from the experience and successes and failures.  Additionally, will also talk about how the non-profit has made a positive impact on the local community and how the lessons learned are also applicable to other facets of one's life and job. Building a non-profit can help break down "echo chambers".


Tony Vargas

Technical Leader, Engineering and Security Strategist, Cisco
Tony is a Technical Leader and Security Strategist of Engineering. He is a Distinguished Subject Matter Expert (SME) in Application Security, Security Awareness, IT Security, Cloud Computing and Software Development. He provides both technical leadership and consultation in all of... Read More →

Wednesday August 6, 2014 10:00 - 11:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

11:00 PDT

Reverse Engineering Mac Malware
Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such as callout domains, file download URLs or IP addresses, and dropped or modified files. These methods have long been used on Windows malware...so why not Mac malware? This presentation introduces the audience to methods, tools, and resources to assist reversing Mac binaries with a Mac. Topics include Mach-O file format, virtualization, analysis VM setup, and various analysis tools (native and 3rd-party). This presentation is intended for those familiar with dynamic analysis (with a touch of static thrown in) or for those reverse engineering masters of the Windows executable to get a introductory idea of how to start analyzing Mac malware.

avatar for Sarah Edwards

Sarah Edwards

SANS Author & Instructor of FOR518, SANS Institute
Sarah is an senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter‐intelligence, counter-narcotic, and counter‐terrorism. Sarah's research and... Read More →

Wednesday August 6, 2014 11:00 - 12:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

12:00 PDT

Secret Pentesting Techniques Part Duex
As pentesters, we all have special techniques and tricks we use that make our jobs a lot easier. A few years back, I presented at BSIDES LV on some of the cool techniques that I use on a regular basis. This talk will dive down into all of the new techniques and latest and greatest hacks to make pentesting something easy and successful. This talk will also discuss how to mitigate some of the techniques and attacks.

avatar for David Kennedy

David Kennedy

TrustedSec & Binary Defense Systems
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold... Read More →

Wednesday August 6, 2014 12:00 - 13:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

14:00 PDT

Ripped from the Headlines What the news tells us about Information Security Incidents
Take a scientific look at information security incidents reported in the public news sources.  This talk introduces the VERIS Community Database (VCDB), a research project aimed at gathering news articles about information security incidents, extracting data, and serving as a public repository of breach data suitable for analysis and research.  We will discuss how to apply the methodology of the Data Breach Investigations Report (DBIR) to public data to answer research questions, and how this view of information security incidents differs from the DBIR.


Kevin Thompson

Kevin Thompson (@bfist) is a Risk and Intelligence Researcher with the Verizon RISK Team and one of the authors of the Data Breach Investigation Report. Kevin has worked in health care, higher ed, and defense and has 17 years of IT experience. He is a member of the Society of Risk... Read More →

Suzanne Widup

Suzanne Widup (@SuzanneWidup) is a member of the Verizon RISK Team and a co-author of the Verizon Data Breach Investigations Report. She focuses on data breach research and has published a series of papers and articles on the topic. She is also the author of Computer Forensics and... Read More →

Wednesday August 6, 2014 14:00 - 15:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

15:00 PDT

Fuck These Guys: Practical Countersurveillance
We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the Internet, and sharing them with my friends.

Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the Internet, one encrypted bit at a time.


Lisa Lorenzin

Lisa Lorenzin is a network security geek; in her day job, she's worked in a variety of Internet-related roles since 1994, with the past 15 years focused on network and information security. She's currently interested in free speech, privacy, digital rights, and global Internet fr... Read More →

Wednesday August 6, 2014 15:00 - 16:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

16:00 PDT

Ask the EFF
Once again, the Electronic Frontier Foundation returns to the Underground to answer your toughest Off-the-Record queries. Question some of the greatest minds in the field of internet law, in this annual BSidesLV tradition. (Note: if you need legal advice about your own situation, please contact EFF separately so you can have a confidential conversation.)

avatar for Kurt Opsahl

Kurt Opsahl

Deputy Executive Director and General Counsel, Electronic Frontier Foundation
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders... Read More →

avatar for Nate Cardozo

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
Nate Cardozo is a Senior Staff Attorney on EFF’s civil liberties team where he focuses on cybersecurity policy and defending coders’ rights.Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government... Read More →

Eva Galperin

Eva Galperin is EFFs Global Policy Analyst, and has been instrumental in highlighting government malware designed to spy upon activists around the world. A lifelong geek, Eva misspent her youth working as a Systems Administrator all over Silicon Valley. Since then, she has seen the... Read More →

Mark Jaycox

Mark Jaycox is a Legislative Analyst for EFF. His issues include user privacy, civil liberties, surveillance law, and "cybersecurity." When not reading legal or legislative documents, Mark can be found reading non-legal and legislative documents, exploring the Bay Area, and riding... Read More →

Yan Zhu

Yan Zhu is a Staff Technologist with EFF. Yan writes code and words to enable pervasive encryption and protect Internet users' privacy. Besides maintaining HTTPS Everywhere at EFF, she is a core developer of SecureDrop and founder of the Worldwide Aaron Swartz Memorial Hackathon Series... Read More →

Wednesday August 6, 2014 16:00 - 17:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

17:00 PDT

The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State
Over a decade ago, a friend at the National Security Agency told Richard
Thieme that he could address the core issues they discussed in a context
of "ethical considerations for intelligence and security professionals"
only if he wrote fiction. "It's the only way you can tell the truth," he
Three dozen published short stories and one novel-in-progress (FOAM)
later, one result is "Mind Games," published in 2010 by Duncan Long
Publishing, a collection of stories that illuminates “non-consensual
realities:” the world of hackers; the worlds of intelligence
professionals; encounters with other intelligent life forms; and deeper
states of consciousness.
A recent scholarly study of “The Covert Sphere” by Timothy Melley
documents the way the growth and influence of the intelligence community
since World War 2 has created precisely the reality to which that NSA
veteran pointed. The source of much of what “outsiders” believe is
communicated through novels, movies, and television programs. But even IC
“insiders” rely on those sources, as compartmentalization prevents the
big picture from coming together because few inside have a “need to
Thieme asked a historian at the NSA what historical events they could
discuss with a reasonable expectation that their words denoted the same
details. “Anything up to 1945,” the historian said with a laugh –
but he wasn’t kidding.
Point taken.
This fascinating presentation illuminates the mobius strip on which all
of us walk as we make our way through the labyrinth of security and
intelligence worlds we inhabit of necessity, all of us some of the time
and some of us all of the time. It discloses why “post-modernism” is
not an affectation but a necessary condition of modern life. It addresses
the response of an intelligence analyst at NSA who responded to one of
Thieme’s stories by saying, “most of this isn’t fiction, but you
have to know which part to have the key to the code.” This talk does not
provide that key, but it does provide the key to the key and throws into
relief everything else you hear – whether from the platform or in the
hallways – inside this conference. And out there in the “real
“Nothing is what it seems


Richard Thieme

Richard Thieme is an author and professional speaker focused on the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change and identify shift. His column, "Islands in the Clickstream," was... Read More →

Wednesday August 6, 2014 17:00 - 18:00 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV